CVE-2007-5849 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5849
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5849

Description: Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/39097 http://xforce.iss.net/xforce/xfdb/39101 UBUNTU http://www.ubuntu.com/usn/usn-563-1 SUSE http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html SAID Secunia Advisory: SA28386 Secunia Advisory: SA28200 Secunia Advisory: SA28129 Secunia Advisory: SA28136 Secunia Advisory: SA28113 Secunia Advisory: SA28441 Secunia Advisory: SA28636 Secunia Advisory: SA28676 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:036 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1437 CONFIRM http://www.cups.org/str.php?L2589 http://bugs.gentoo.org/show_bug.cgi?id=201570 http://docs.info.apple.com/article.html?artnum=307179 CERT http://www.us-cert.gov/cas/techalerts/TA07-352A.html BID 26917 26910 APPLE http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Return to the previous page.