Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upMemory disclosure in CUPS with admin URLs #3577
Comments
This comment has been minimized.
This comment has been minimized.
|
CUPS.org User: mike Fix is attached. |
This comment has been minimized.
This comment has been minimized.
|
CUPS.org User: mike Fixed in Subversion repository. |
This comment has been minimized.
This comment has been minimized.
|
"str3577.patch": Index: cgi-bin/var.c--- cgi-bin/var.c (revision 2161)
|
michaelrsweet
closed this
Jun 16, 2010
michaelrsweet
added
the
P3 - Moderate
label
Mar 17, 2016
michaelrsweet
added this to the Stable milestone
Mar 17, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
michaelrsweet commentedMay 5, 2010
Version: 1.4-current
CUPS.org User: mike
See attached PDF, but in short, a URL like
http://127.0.0.1:631/admin?URL=/admin/&OP=%
will produce an error response that discloses a some uninitialised memory. This could be used to bypass ASLR, for example. The problem is in cgi-bin/var.c in cgi_initialize_string().