FreeBSD : cups-filters -- texttopdf integer overflow (bf1d9331-21b6-11e5-86ff-14dae9d210b8)

high Nessus Plugin ID 84528

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Stefan Cornelius from Red Hat reports:

An integer overflow flaw leading to a heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user.

Tim Waugh reports:

The Page allocation is moved into textcommon.c, where it does all the necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds for CVE-2015-3259 due to integer overflows for the calloc() call initializing Page[0] and the memset() call in texttopdf.c's WritePage() function zeroing the entire array.
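
The bounds checking described above, shown as an added example that is not cups-filters source code: a page geometry is validated against lower and upper limits before calloc() is called, and the later memset() reuses the same validated count. The type cell_t, the limits MAX_COLUMNS and MAX_LINES, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cell type and limits, chosen for illustration only. */
typedef struct { uint16_t ch; uint16_t attr; } cell_t;
#define MAX_COLUMNS 4096L
#define MAX_LINES   4096L

/* The flaw in miniature: a byte count computed in 32 bits silently wraps. */
static uint32_t wrapped_bytes_u32(uint32_t columns, uint32_t lines)
{
    return columns * lines * (uint32_t)sizeof(cell_t);
}

/* Validate the geometry; on success store the cell count and return 0. */
static int page_cells(long columns, long lines, size_t *cells)
{
    if (columns < 1 || lines < 1) return -1;                   /* lower bound */
    if (columns > MAX_COLUMNS || lines > MAX_LINES) return -1; /* upper bound */
    /* Independent of the limits: count * sizeof(cell_t) must fit in size_t. */
    if ((size_t)columns > SIZE_MAX / sizeof(cell_t) / (size_t)lines)
        return -1;
    *cells = (size_t)columns * (size_t)lines;
    return 0;
}

/* Allocate a zeroed page, or return NULL if the geometry is rejected. */
static cell_t *page_alloc(long columns, long lines, size_t *cells)
{
    if (page_cells(columns, lines, cells) != 0) return NULL;
    return calloc(*cells, sizeof(cell_t));
}

/* Clear the page with the same validated count used for the allocation. */
static void page_clear(cell_t *page, size_t cells)
{
    memset(page, 0, cells * sizeof(cell_t));
}

int main(void)
{
    size_t n = 0;
    cell_t *p = page_alloc(80, 66, &n);   /* constructed sample geometry */
    if (p == NULL) return 1;
    page_clear(p, n);
    free(p);
    /* A zero-column page is rejected; 65536 x 65536 wraps to 0 bytes in 32 bits. */
    return (page_alloc(0, 66, &n) == NULL && wrapped_bytes_u32(65536u, 65536u) == 0) ? 0 : 1;
}
```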

Solution

Update the affected package.

See Also

https://access.redhat.com/security/cve/cve-2015-3279

http://www.nessus.org/u?35f4859f

http://osdir.com/ml/opensource-software-security/2015-07/msg00021.html

http://www.nessus.org/u?16853316

Plugin Details

Severity: High

ID: 84528

File Name: freebsd_pkg_bf1d933121b611e586ff14dae9d210b8.nasl

Version: 2.8

Type: local

Published: 7/6/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cups-filters, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/3/2015

Vulnerability Publication Date: 7/3/2015

Reference Information

CVE: CVE-2015-3279