Vulnerability Bulletins

int(1285)

Vulnerability Bulletins

Múltiples vulnerabilidades en CUPS
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Avanzado
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	cups
Description
Se han encontrado múltiples vulnerabilidades en CUPS: CAN-2004-1267 - Se ha encontrado una vulnerabilidad de desbordamiento de búfer en la función ParseCommand de la utilidad hpgltops. Un atacante podría enviar un archivo HPGL especialmente diseñado y ejecutar código arbitrario con el usuario "lp". CAN-2004-1268 y CAN-2004-1269 - Existen varias vulnerabilidades en la utilidad lppasswd. La aplicación ignora errores de escritura al modificar el fichero de contraseñas de CUPS. Un usuario local podría corromper el fichero de contraseñas o impedir el uso futuro de lppasswd. CAN-2004-1270 - lppasswd no verifica correctamente si passwd.new es diferente a STDERR, lo cual podría permitir a un usuario local controlar la salida de passwd.new.
Solution
Actualización de software Mandrake Linux Mandrake Linux 9.2 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cups-1.1.19-10.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cups-common-1.1.19-10.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/cups-serial-1.1.19-10.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libcups2-1.1.19-10.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libcups2-devel-1.1.19-10.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/cups-1.1.19-10.5.92mdk.src.rpm Mandrake Linux 9.2/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cups-1.1.19-10.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cups-common-1.1.19-10.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/cups-serial-1.1.19-10.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64cups2-1.1.19-10.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/cups-1.1.19-10.5.92mdk.src.rpm Mandrake Linux 10.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cups-1.1.20-5.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cups-common-1.1.20-5.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/cups-serial-1.1.20-5.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libcups2-1.1.20-5.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libcups2-devel-1.1.20-5.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/cups-1.1.20-5.5.100mdk.src.rpm Mandrake Linux 10.0/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cups-1.1.20-5.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cups-common-1.1.20-5.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/cups-serial-1.1.20-5.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64cups2-1.1.20-5.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/cups-1.1.20-5.5.100mdk.src.rpm Mandrake Linux 10.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/cups-1.1.21-0.rc1.7.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/cups-common-1.1.21-0.rc1.7.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libcups2-1.1.21-0.rc1.7.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/cups-1.1.21-0.rc1.7.3.101mdk.src.rpm Mandrake Linux 10.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.3.101mdk.src.rpm Corporate Server 2.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/cups-1.1.18-2.7.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/cups-common-1.1.18-2.7.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/cups-serial-1.1.18-2.7.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libcups1-1.1.18-2.7.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.7.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/cups-1.1.18-2.7.C21mdk.src.rpm Corporate Server 2.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/cups-1.1.18-2.7.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.7.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.7.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.7.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.7.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.7.C21mdk.src.rpm Corporate Server 3.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/cups-1.1.20-5.5.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/cups-common-1.1.20-5.5.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/cups-serial-1.1.20-5.5.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libcups2-1.1.20-5.5.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libcups2-devel-1.1.20-5.5.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/cups-1.1.20-5.5.C30mdk.src.rpm SUSE Linux Distribuciones basadas en SUSE Linux - Actualizar mediante YaST Online Update Red Hat Linux Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/
Standar resources
Property	Value
CVE	CAN-2004-1267 CAN-2004-1268 CAN-2004-1269 CAN-2004-1270
BID
Other resources
Mandrakesoft Security Advisories MDKSA-2005:008 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:008 SUSE Security Summary Report SUSE-SR:2005:003 http://www.novell.com/linux/security/advisories/2005_03_sr.html Red Hat Security Advisory RHSA-2005:053-19 https://rhn.redhat.com/errata/RHSA-2005-053.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-01-18
1.1	Aviso emitido por SUSE (SUSE-SR:2005:003)	2005-02-07
1.2	Aviso emitido por Red Hat (RHSA-2005:053-19)	2005-02-16

Vulnerability Bulletins

Múltiples vulnerabilidades en CUPS

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history