linux, säkerhet

88831 2003-01-23  23:01  /239 rader/  <security@caldera.com>
Importerad: 2003-01-23  23:01  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: announce@lists.caldera.com
Extern mottagare: security-alerts@linuxsecurity.com
Extern mottagare: full-disclosure@lists.netsys.com
Externa svar till: please_reply_to_security@caldera.com
Mottagare: Bugtraq (import) <3194>
Ärende: Security Update: [CSSA-2003-004.0] Linux: Multiple Security Vulnerabilities in the Common Unix Printing System (CUPS)
------------------------------------------------------------
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: Multiple Security Vulnerabilities in the Common Unix Printing System (CUPS)
Advisory number: 	CSSA-2003-004.0
Issue date: 		2003 January 20
Cross reference:
______________________________________________________________________________


1. Problem Description

	Several vulnerabilities have been discovered in the CUPS
	printing system (these descriptions are from the associated
	CVE database entries):

	- Allows local users with lp privileges to create or overwrite
	arbitrary files via file race conditions.

	- Allows remote attackers to add printers without
	authentication via a certain UDP packet, that can then be used
	to perform unauthorized activities such as stealing the local
	root certificate for the administration server via a "need
	authorization" page.

	- Allows remote attackers to cause a denial of service (crash)
	and possibly execute arbitrary code by causing negative
	arguments to be fed into memcpy() calls via HTTP requests with
	(1) a negative Content-Length value or (2) a negative length
	in a chunked transfer encoding.

	- The obs.c module does not properly use the strncat function
	call when processing the options string, which allows remote
	attackers to execute arbitrary code via a buffer overflow
	attack.

	- The filters/image-gif.c module does not properly check for
	zero-length GIF images, which allows remote attackers to
	execute arbitrary code via modified chunk headers.

	- Does not properly check the return values of various file
	and socket operations, which could allow a remote attacker to
	cause a denial of service (resource exhaustion) by causing
	file descriptors to be assigned and not released.

	- Multiple integer overflows allow remote attackers to execute
	arbitrary code via (1) the CUPSd HTTP interface, and (2) the
	image handling code in CUPS filters.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to cups-1.1.10-6.i386.rpm
					prior to cups-client-1.1.10-6.i386.rpm
					prior to cups-devel-1.1.10-6.i386.rpm
					prior to cups-ppd-1.1.10-6.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to cups-1.1.10-6.i386.rpm
					prior to cups-client-1.1.10-6.i386.rpm
					prior to cups-devel-1.1.10-6.i386.rpm
					prior to cups-ppd-1.1.10-6.i386.rpm

	OpenLinux 3.1 Server		prior to cups-1.1.10-6.i386.rpm
					prior to cups-client-1.1.10-6.i386.rpm
					prior to cups-devel-1.1.10-6.i386.rpm
					prior to cups-ppd-1.1.10-6.i386.rpm

	OpenLinux 3.1 Workstation	prior to cups-1.1.10-6.i386.rpm
					prior to cups-client-1.1.10-6.i386.rpm
					prior to cups-devel-1.1.10-6.i386.rpm
					prior to cups-ppd-1.1.10-6.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater,
	called cupdate (or kcupdate under the KDE environment), to
	update these packages rather than downloading and installing
	them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-004.0/RPMS

	4.2 Packages

	c27cfc1dc18d8c4769c0f8247f9c9bf0
	cups-1.1.10-6.i386.rpm
	0c9792f6a6127a2a0ac3196d230a9223
	cups-client-1.1.10-6.i386.rpm
	7ead8e53873325ee5acb2626ecabf5d5
	cups-devel-1.1.10-6.i386.rpm
	cb7b8838284549eb6b4bcb877d5db983
	cups-ppd-1.1.10-6.i386.rpm

	4.3 Installation

	rpm -Fvh cups-1.1.10-6.i386.rpm
	rpm -Fvh cups-client-1.1.10-6.i386.rpm
	rpm -Fvh cups-devel-1.1.10-6.i386.rpm
	rpm -Fvh cups-ppd-1.1.10-6.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-004.0/SRPMS

	4.5 Source Packages

	d14af6c00379eace99f62c5df4dcf132	cups-1.1.10-6.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-004.0/RPMS

	5.2 Packages

	b1315ba0ae47bf95d2eccfed08e95cb0
	cups-1.1.10-6.i386.rpm
	ca1ab491adccc5d416d6f2947f93c657
	cups-client-1.1.10-6.i386.rpm
	5db4d1574eaf6b1cb2130fab341edef7
	cups-devel-1.1.10-6.i386.rpm
	2580ab863d136281dde1b3ddf82f0d99
	cups-ppd-1.1.10-6.i386.rpm

	5.3 Installation

	rpm -Fvh cups-1.1.10-6.i386.rpm
	rpm -Fvh cups-client-1.1.10-6.i386.rpm
	rpm -Fvh cups-devel-1.1.10-6.i386.rpm
	rpm -Fvh cups-ppd-1.1.10-6.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-004.0/SRPMS

	5.5 Source Packages

	c62a95b4664ea4fe5261521b5a79cdc9	cups-1.1.10-6.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-004.0/RPMS

	6.2 Packages

	dee367cd2ffc768b9981831702927a38
	cups-1.1.10-6.i386.rpm
	620cde79e5c12f20841c3dfe2dea0d36
	cups-client-1.1.10-6.i386.rpm
	84320c589e9d2129aa5b1fdb34d5d62f
	cups-devel-1.1.10-6.i386.rpm
	c2eaa7a35f2dcfb03aa77908bd89ef97
	cups-ppd-1.1.10-6.i386.rpm

	6.3 Installation

	rpm -Fvh cups-1.1.10-6.i386.rpm
	rpm -Fvh cups-client-1.1.10-6.i386.rpm
	rpm -Fvh cups-devel-1.1.10-6.i386.rpm
	rpm -Fvh cups-ppd-1.1.10-6.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-004.0/SRPMS

	6.5 Source Packages

	268370aa68837a6bd148d77e493e92ba	cups-1.1.10-6.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-004.0/RPMS

	7.2 Packages

	b547711da7b927555f6f8eabb088793f
	cups-1.1.10-6.i386.rpm
	98564caad2ed3e31eb0051e55be13d9c
	cups-client-1.1.10-6.i386.rpm
	20c1141acfe92617c7c1219a9bd6dbe9
	cups-devel-1.1.10-6.i386.rpm
	512795d8b7c8b31f6f6a7cfbf405114d
	cups-ppd-1.1.10-6.i386.rpm

	7.3 Installation

	rpm -Fvh cups-1.1.10-6.i386.rpm
	rpm -Fvh cups-client-1.1.10-6.i386.rpm
	rpm -Fvh cups-devel-1.1.10-6.i386.rpm
	rpm -Fvh cups-ppd-1.1.10-6.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-004.0/SRPMS

	7.5 Source Packages

	7a7c39f894ac48056702470082f9862a	cups-1.1.10-6.src.rpm


8. References

	Specific references for this advisory:

		http://www.idefense.com/advisory/12.19.02.txt
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1366
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1367
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1368
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1369
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1371
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1372
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1383

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr872573, fz526835,
	erg712180.


9. Disclaimer

	SCO is not responsible for the misuse of any of the
	information we provide on this website and/or through our
	security advisories. Our advisories are a service to our
	customers intended to promote secure installation and use of
	SCO products.


10. Acknowledgements

	zen-parse (zen-parse@gmx.net) discovered and researched these
	vulnerabilities.

______________________________________________________________________________
(88831) / <security@caldera.com>/---------(Ombruten)
Bilaga (application/pgp-signature) i text 88832
88832 2003-01-23  23:01  /9 rader/  <security@caldera.com>
Importerad: 2003-01-23  23:01  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: announce@lists.caldera.com
Extern mottagare: security-alerts@linuxsecurity.com
Extern mottagare: full-disclosure@lists.netsys.com
Externa svar till: please_reply_to_security@caldera.com
Mottagare: Bugtraq (import) <3195>
Bilaga (text/plain) till text 88831
Ärende: Bilaga till: Security Update: [CSSA-2003-004.0] Linux: Multiple Security Vulnerabilities in the Common Unix Printing System (CUPS)
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj4sm1IACgkQbluZssSXDTH50ACg7Xfmsf5v7Q9oBatDOvTvF6tF
t6oAn2KoF2c3452/4jx9HmiAWdza6Ar5
=QENe
-----END PGP SIGNATURE-----
(88832) / <security@caldera.com>/-------------------