   VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-99
Cisco Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability

Original Issue Date: July 07, 2008

Severity Rating: Medium

System Affected

  • CUPS versions 1.3.3 and prior are vulnerable (used in Cisco WAAS software prior to version 4.0.19)

Overview

A vulnerability has been reported in Cisco Wide Area Application Services (WAAS), which incorporates a print server based on vulnerable open source Common UNIX Printing System (CUPS) technology. Successful exploitation could result in execution of arbitrary code on Cisco WAAS products.

Description

The Cisco WAAS system consists of a set of devices called wide area application engines (WAEs) that work together to optimize and accelerate TCP-based applications over a WAN. Cisco WAAS incorporates a print server based on the integration of open source CUPS technology.

The Common Unix Printing System (CUPS) is a modular printing system for Unix-like computer operating systems that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer. CUPS uses the Internet Printing Protocol (IPP) as the basis for managing print jobs and queues.

The Internet Printing Protocol (IPP) is a standard network protocol for remote printing as well as managing print jobs, and it can be used locally or over the Internet. It also supports access control, authentication, and encryption, and is a capable, secure printing solution.

The vulnerability exists in the ippReadIO() function in cups/ipp.c when handling crafted IPP tags. The function fails to properly filter crafted characters from the parameter. An unauthenticated, remote attacker who is able to connect to the IPP TCP port could send a request with crafted 'textWithLanguage' or 'nameWithLanguage' tags to cause the function to allocate insufficient space to hold the search string. This causes the system to overwrite one byte of the stack with a zero. This may result in a DoS condition or the execution of arbitrary code with the privileges of the user.
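The following added example (not CUPS or Cisco code, and not part of the original note) shows the kind of length validation a parser for 'textWithLanguage' / 'nameWithLanguage' values needs so that the terminating zero byte can never land one byte past a buffer. The value layout (2-byte language length, language, 2-byte text length, text) follows RFC 2910; the struct, function names and buffer caps are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

#define LANG_MAX 64     /* assumed cap for this example */
#define TEXT_MAX 1024   /* assumed cap for this example */

struct text_with_lang {
    char lang[LANG_MAX];   /* NUL-terminated on success */
    char text[TEXT_MAX];   /* NUL-terminated on success */
};

/* Read a big-endian 16-bit length at buf[off]; -1 if it runs past len. */
static long read_u16(const unsigned char *buf, size_t len, size_t off)
{
    if (off > len || len - off < 2)
        return -1;
    return ((long)buf[off] << 8) | buf[off + 1];
}

/* Parse one textWithLanguage / nameWithLanguage value.
 * Returns 0 on success, -1 if any length field is inconsistent. */
int parse_text_with_lang(const unsigned char *val, size_t len,
                         struct text_with_lang *out)
{
    long n;
    size_t off = 0;

    n = read_u16(val, len, off);
    /* ">=" rather than ">": one byte must stay free for the NUL. */
    if (n < 0 || (size_t)n >= sizeof(out->lang) || (size_t)n > len - off - 2)
        return -1;
    memcpy(out->lang, val + off + 2, (size_t)n);
    out->lang[n] = '\0';
    off += 2 + (size_t)n;

    n = read_u16(val, len, off);
    if (n < 0 || (size_t)n >= sizeof(out->text) || (size_t)n > len - off - 2)
        return -1;
    memcpy(out->text, val + off + 2, (size_t)n);
    out->text[n] = '\0';
    off += 2 + (size_t)n;

    /* The two fields must account for the whole value: no trailing bytes. */
    return off == len ? 0 : -1;
}
```
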

The version of CUPS that is used in WAAS system software prior to version 4.0.19 is affected by this vulnerability in processing IPP tags if print services are enabled on the WAAS.

Workarounds

  • Disable print services on WAAS, if not required
  • Restrict access to trusted users only

Solution

Apply the appropriate fixed software version as mentioned in the Cisco Security Advisory:
http://www.cisco.com/warp/public/707/cisco-sr-20080625-waas.shtml

Vendor Information

CISCO
http://www.cisco.com/warp/public/707/cisco-sr-20080625-waas.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=14435

References

Secunia
http://secunia.com/advisories/30847/

SecurityTracker
http://securitytracker.com/alerts/2008/Jun/1020370.html

CUPS
http://www.cups.org/str.php?L2561

US-CERT
http://www.kb.cert.org/vuls/id/446897

CVE Name
CVE-2007-4351

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003