[CSSA-2003-004.0] Linux: Multiple Security Vulnerabilities in the CommonUnix Pri

by Nikola Strahija on January 23rd, 2003

Several vulnerabilities have been discovered in the CUPS printing system (these descriptions are from the associated CVE database entries):


- Allows local users with lp privileges to create or overwrite
arbitrary files via file race conditions.

- Allows remote attackers to add printers without
authentication via a certain UDP packet, that can then be used
to perform unauthorized activities such as stealing the local
root certificate for the administration server via a "need
authorization" page.

- Allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code by causing negative
arguments to be fed into memcpy() calls via HTTP requests with
(1) a negative Content-Length value or (2) a negative length
in a chunked transfer encoding.

- The obs.c module does not properly use the strncat function
call when processing the options string, which allows remote
attackers to execute arbitrary code via a buffer overflow
attack.

- The filters/image-gif.c module does not properly check for
zero-length GIF images, which allows remote attackers to
execute arbitrary code via modified chunk headers.

- Does not properly check the return values of various file
and socket operations, which could allow a remote attacker to
cause a denial of service (resource exhaustion) by causing
file descriptors to be assigned and not released.

- Multiple integer overflows allow remote attackers to execute
arbitrary code via (1) the CUPSd HTTP interface, and (2) the
image handling code in CUPS filters.
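
The negative Content-Length and negative chunk-length item above comes down to a signed length reaching memcpy(), where it is converted to a very large unsigned size. The following is an added illustration of that pattern next to a hardened parser; it is not CUPS source and not part of the advisory, and BODY_MAX and all function names are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BODY_MAX 4096   /* assumed size of the receive buffer in this example */

/* Flawed pattern: returns the byte count memcpy() would be handed. */
static size_t unsafe_copy_len(const char *hdr) {
    int len = atoi(hdr);            /* signed parse: "-1" becomes -1 */
    if (len > BODY_MAX) return 0;   /* upper bound only, so -1 passes */
    return (size_t)len;             /* -1 converts to SIZE_MAX */
}

/* Hardened parse. base 10 = Content-Length, base 16 = chunk-size line.
 * Returns 0 and stores the length, or -1 if the request must be rejected. */
static int parse_length(const char *s, int base, size_t *out) {
    size_t v = 0;
    int digits = 0;
    for (; isxdigit((unsigned char)*s); s++, digits++) {
        int c = tolower((unsigned char)*s);
        int d = isdigit(c) ? c - '0' : c - 'a' + 10;
        if (d >= base) return -1;        /* hex digit in a decimal field */
        v = v * (size_t)base + (size_t)d;
        if (v > BODY_MAX) return -1;     /* checked each step: v cannot wrap */
    }
    if (digits == 0) return -1;          /* empty, "-1", "+5", " 7" */
    if (*s != '\0' && *s != '\r' && !(base == 16 && *s == ';'))
        return -1;                       /* trailing junk after the number */
    *out = v;
    return 0;
}

/* Copy only after the declared length is validated against the buffer
 * (dst must hold BODY_MAX bytes) and the bytes actually received (avail). */
static int copy_body(char *dst, const char *src, size_t avail,
                     const char *field, int base) {
    size_t n;
    if (parse_length(field, base, &n) != 0 || n > avail) return -1;
    memcpy(dst, src, n);
    return (int)n;
}

int main(void) {
    char buf[BODY_MAX];
    /* Constructed header values, not captured traffic. */
    printf("unsafe \"-1\" -> %zu bytes\n", unsafe_copy_len("-1"));
    printf("safe   \"-1\" -> %d\n", copy_body(buf, "hello", 5, "-1", 10));
    printf("safe   \"5\"  -> %d\n", copy_body(buf, "hello", 5, "5", 10));
    printf("safe   \"-a\" -> %d\n", copy_body(buf, "hello", 5, "-a", 16));
    return 0;
}
```

The hardened parser never stores the length in a signed type, so a leading minus sign is rejected as a non-digit instead of being interpreted.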


2. Vulnerable Supported Versions

System                        Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server        prior to cups-1.1.10-6.i386.rpm
                              prior to cups-client-1.1.10-6.i386.rpm
                              prior to cups-devel-1.1.10-6.i386.rpm
                              prior to cups-ppd-1.1.10-6.i386.rpm

OpenLinux 3.1.1 Workstation   prior to cups-1.1.10-6.i386.rpm
                              prior to cups-client-1.1.10-6.i386.rpm
                              prior to cups-devel-1.1.10-6.i386.rpm
                              prior to cups-ppd-1.1.10-6.i386.rpm

OpenLinux 3.1 Server          prior to cups-1.1.10-6.i386.rpm
                              prior to cups-client-1.1.10-6.i386.rpm
                              prior to cups-devel-1.1.10-6.i386.rpm
                              prior to cups-ppd-1.1.10-6.i386.rpm

OpenLinux 3.1 Workstation     prior to cups-1.1.10-6.i386.rpm
                              prior to cups-client-1.1.10-6.i386.rpm
                              prior to cups-devel-1.1.10-6.i386.rpm
                              prior to cups-ppd-1.1.10-6.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-004.0/RPMS

4.2 Packages

c27cfc1dc18d8c4769c0f8247f9c9bf0 cups-1.1.10-6.i386.rpm
0c9792f6a6127a2a0ac3196d230a9223 cups-client-1.1.10-6.i386.rpm
7ead8e53873325ee5acb2626ecabf5d5 cups-devel-1.1.10-6.i386.rpm
cb7b8838284549eb6b4bcb877d5db983 cups-ppd-1.1.10-6.i386.rpm

4.3 Installation

rpm -Fvh cups-1.1.10-6.i386.rpm
rpm -Fvh cups-client-1.1.10-6.i386.rpm
rpm -Fvh cups-devel-1.1.10-6.i386.rpm
rpm -Fvh cups-ppd-1.1.10-6.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-004.0/SRPMS

4.5 Source Packages

d14af6c00379eace99f62c5df4dcf132 cups-1.1.10-6.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-004.0/RPMS

5.2 Packages

b1315ba0ae47bf95d2eccfed08e95cb0 cups-1.1.10-6.i386.rpm
ca1ab491adccc5d416d6f2947f93c657 cups-client-1.1.10-6.i386.rpm
5db4d1574eaf6b1cb2130fab341edef7 cups-devel-1.1.10-6.i386.rpm
2580ab863d136281dde1b3ddf82f0d99 cups-ppd-1.1.10-6.i386.rpm

5.3 Installation

rpm -Fvh cups-1.1.10-6.i386.rpm
rpm -Fvh cups-client-1.1.10-6.i386.rpm
rpm -Fvh cups-devel-1.1.10-6.i386.rpm
rpm -Fvh cups-ppd-1.1.10-6.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-004.0/SRPMS

5.5 Source Packages

c62a95b4664ea4fe5261521b5a79cdc9 cups-1.1.10-6.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-004.0/RPMS

6.2 Packages

dee367cd2ffc768b9981831702927a38 cups-1.1.10-6.i386.rpm
620cde79e5c12f20841c3dfe2dea0d36 cups-client-1.1.10-6.i386.rpm
84320c589e9d2129aa5b1fdb34d5d62f cups-devel-1.1.10-6.i386.rpm
c2eaa7a35f2dcfb03aa77908bd89ef97 cups-ppd-1.1.10-6.i386.rpm

6.3 Installation

rpm -Fvh cups-1.1.10-6.i386.rpm
rpm -Fvh cups-client-1.1.10-6.i386.rpm
rpm -Fvh cups-devel-1.1.10-6.i386.rpm
rpm -Fvh cups-ppd-1.1.10-6.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-004.0/SRPMS

6.5 Source Packages

268370aa68837a6bd148d77e493e92ba cups-1.1.10-6.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-004.0/RPMS

7.2 Packages

b547711da7b927555f6f8eabb088793f cups-1.1.10-6.i386.rpm
98564caad2ed3e31eb0051e55be13d9c cups-client-1.1.10-6.i386.rpm
20c1141acfe92617c7c1219a9bd6dbe9 cups-devel-1.1.10-6.i386.rpm
512795d8b7c8b31f6f6a7cfbf405114d cups-ppd-1.1.10-6.i386.rpm

7.3 Installation

rpm -Fvh cups-1.1.10-6.i386.rpm
rpm -Fvh cups-client-1.1.10-6.i386.rpm
rpm -Fvh cups-devel-1.1.10-6.i386.rpm
rpm -Fvh cups-ppd-1.1.10-6.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-004.0/SRPMS

7.5 Source Packages

7a7c39f894ac48056702470082f9862a cups-1.1.10-6.src.rpm


8. References

Specific references for this advisory:

http://www.idefense.com/advisory/12.19.02.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1383

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr872573, fz526835,
erg712180.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

zen-parse discovered and researched these
vulnerabilities.

