The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2007-2442, CVE-2007-2443, and CVE-2007-2798
to these security issues.
Thanks to Wei Wang of McAfee Avert Labs for discovering these
vulnerabilities.
Note: The VMware service console does not provide the kadmind
binary, and is not affected by these issues, but an update has been
provided for completeness.
>= 1.3.5
Description
===========
Wei Wang (McAfee AVERT Research) discovered an integer underflow in the
asn1_get_string() function of the SNMP backend, leading to a
stack-based buffer overflow when handling SNMP responses
(CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate
pdftops filter creates temporary files with predictable file names when
reading from standard input (CVE-2007-6358). Furthermore, the
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Wei Wang discovered that the SNMP discovery backend did not correctly
calculate the length of strings. If a user were tricked into scanning
for printers, a remote attacker could send a specially crafted packet
and possibly execute arbitrary code.
Elias Pipping discovered that temporary files were not handled safely
Printing System. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2007-5849
Wei Wang discovered that a buffer overflow in the SNMP backend
may lead to the execution of arbitrary code.
CVE-2007-6358
Elias Pipping discovered that insecure handling of a temporary
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-1673
Wei Wang from McAfee reported a potential heap overflow in the
ASN.1 decode code that is used by the SNMP NAT and CIFS
subsystem. Exploitation of this issue may lead to arbitrary code
execution. This issue is not believed to be exploitable with the
pre-built kernel images provided by Debian, but it might be an
issue for custom images built from the Debian-provided source
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Wei Wang found that the SNMP discovery backend in CUPS did not
correctly calculate the length of strings. If a user could be tricked
into scanning for printers, a remote attacker could send a specially
crafted packet and possibly execute arbitrary code (CVE-2007-5849).
As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another
|--------------------+---------------------------------------------------|
| Exploits Known     | No                                                |
|--------------------+---------------------------------------------------|
| Reported On        | August 7, 2007                                    |
|--------------------+---------------------------------------------------|
| Reported By        | Wei Wang of McAfee AVERT Labs                     |
|--------------------+---------------------------------------------------|
| Posted On          | August 7, 2007                                    |
|--------------------+---------------------------------------------------|
| Last Updated On    | August 7, 2007                                    |
|--------------------+---------------------------------------------------|