[Full-Disclosure] [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities

From: Thierry Carrez (koon_at_gentoo.org)
Date: 12/28/04

    Date: Tue, 28 Dec 2004 14:11:56 +0100
    To: gentoo-announce@lists.gentoo.org
    
    
    
    

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 200412-25
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Severity: High
         Title: CUPS: Multiple vulnerabilities
          Date: December 28, 2004
          Bugs: #74479, #75197
            ID: 200412-25

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been found in CUPS, ranging from local
    Denial of Service attacks to the remote execution of arbitrary code.

    Background
    ==========

    The Common UNIX Printing System (CUPS) is a cross-platform print
    spooler, hpgltops is a CUPS filter handling printing of HPGL files and
    lppasswd is a program used locally to manage spooler passwords.

    Affected packages
    =================

        -------------------------------------------------------------------
         Package          /   Vulnerable    /   Unaffected
        -------------------------------------------------------------------
      1  net-print/cups       < 1.1.23_rc1      >= 1.1.23_rc1

    Description
    ===========

    CUPS makes use of vulnerable Xpdf code to handle PDF files
    (CAN-2004-1125). Furthermore, Ariel Berkman discovered a buffer
    overflow in the ParseCommand function in hpgl-input.c in the hpgltops
    program (CAN-2004-1267). Finally, Bartlomiej Sieka discovered several
    problems in the lppasswd program: it ignores some write errors
    (CAN-2004-1268), it can leave the passwd.new file in place
    (CAN-2004-1269) and it does not verify that the passwd.new file is
    different from STDERR (CAN-2004-1270).

    Impact
    ======

    The Xpdf and hpgltops vulnerabilities may be exploited by a remote
    attacker to execute arbitrary code by sending specific print jobs to a
    CUPS spooler. The lppasswd vulnerabilities may be exploited by a local
    attacker to write data to the CUPS password file or deny further
    password modifications.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All CUPS users should upgrade to the latest version:

        # emerge --sync
        # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23_rc1"

    References
    ==========

      [ 1 ] CAN-2004-1125
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
      [ 2 ] CAN-2004-1267
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
      [ 3 ] CAN-2004-1268
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
      [ 4 ] CAN-2004-1269
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
      [ 5 ] CAN-2004-1270
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
      [ 6 ] Ariel Berkman Advisory
            http://tigger.uic.edu/~jlongs2/holes/cups.txt
      [ 7 ] Bartlomiej Sieka Advisory
            http://tigger.uic.edu/~jlongs2/holes/cups2.txt

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

      http://security.gentoo.org/glsa/glsa-200412-25.xml

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    http://bugs.gentoo.org.

    License
    =======

    Copyright 2004 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.0

    
    

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
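Added example, not part of the advisory and not CUPS source code: a C sketch of a file update through a `.new` temporary that guards against the three lppasswd failure classes named in the Description (unchecked writes, a leftover passwd.new, and a temporary file whose descriptor coincides with standard error). The names `replace_file` and `write_all` and the scratch path used in `main` are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Write the whole buffer, retrying short writes. Returns 0 or -1. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Replace `path` with `data` through "<path>.new". Returns 0 or -1.
 * Hypothetical helper for illustration, not the lppasswd implementation. */
int replace_file(const char *path, const char *data, size_t len) {
    char tmp[4096];
    int n = snprintf(tmp, sizeof tmp, "%s.new", path);
    if (n < 0 || (size_t)n >= sizeof tmp) return -1;

    /* O_EXCL: fail rather than write into a file we did not create. */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;

    int ok = fd > STDERR_FILENO             /* must not alias stdin/stdout/stderr */
          && write_all(fd, data, len) == 0  /* every write is checked */
          && fsync(fd) == 0;                /* data reached stable storage */
    if (close(fd) != 0) ok = 0;
    if (ok && rename(tmp, path) != 0) ok = 0;
    if (!ok) unlink(tmp);                   /* never leave passwd.new behind */
    return ok ? 0 : -1;
}

int main(void) {
    char dir[] = "/tmp/glsa-demoXXXXXX";    /* constructed scratch directory */
    char path[64];
    static const char sample[] = "demo:constructed-hash\n";
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof path, "%s/passwd", dir);
    int rc = replace_file(path, sample, sizeof sample - 1);
    printf("replace_file -> %d\n", rc);
    return rc != 0;
}
```

A `.new` file that already exists is treated as an error and left untouched, because the helper cannot know who created it.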


