Upstream information

CVE-2007-5849 at MITRE

Description

Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 9.3
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 346731 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.1
  • cups >= 1.1.23-40.35
  • cups-client >= 1.1.23-40.35
  • cups-devel >= 1.1.23-40.35
  • cups-libs >= 1.1.23-40.35
  • cups-libs-32bit >= 1.1.23-40.35
  • cups-libs-64bit >= 1.1.23-40.35