|
CUPS hpgltops and lppasswd Vulnerabilities
|
|
Secunia Advisory:
|
SA13510
|
|
|
Release Date:
|
2004-12-17
|
|
Last Update:
|
2005-09-23
|
|
Popularity:
|
13,641 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Manipulation of data
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | CUPS 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2004-1267
CVE-2004-1268
CVE-2004-1269
CVE-2004-1270
CVE-2005-2874
|
|
Description:
Three vulnerabilities have been reported in CUPS, which can be exploited by malicious users to manipulate certain files, cause a DoS (Denial of Service), or compromise a vulnerable system.
1) A boundary error in the "ParseCommand()" function within the hpgltops filter can be exploited to cause a buffer overflow by printing a specially crafted HPGL file.
Successful exploitation allows execution of arbitrary code with the privileges of the "lp" account.
The vulnerability has been reported in version 1.1.22. Prior versions may also be affected.
2) Various errors in lppasswd when editing the "/usr/local/etc/cups/passwd" file can be exploited to truncate the file, potentially write a user-controlled error message to it, or disable lppasswd.
The vulnerability has been reported in version 1.1.22. Prior versions may also be affected.
3) An error within the handling of certain paths in the "is_path_absolute()" function in "scheduler/client.c" can be exploited to cause the application to become unresponsive via a specially crafted HTTP GET request.
The vulnerability has been reported in versions 1.1.21 through 1.1.23rc1.
Solution:
Update to version 1.1.23.
Provided and/or discovered by:
1) Ariel Berkman
2) Bartlomiej Sieka
3) kmuto
Changelog:
2004-12-22: Added CVE references.
2005-01-05: Updated "Solution" section.
2005-01-10: Added information about third vulnerability.
2005-09-23: Added CVE reference.
Original Advisory:
CUPS:
http://www.cups.org/str.php?L1023
http://www.cups.org/str.php?L1024
http://www.cups.org/str.php?L1042
Ariel Berkman:
http://tigger.uic.edu/~jlongs2/holes/cups.txt
Bartlomiej Sieka:
http://tigger.uic.edu/~jlongs2/holes/cups2.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
