LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: [ MDVSA-2009:028 ] cups Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference (CVE-2008-5183). The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions (CVE-2008-5184). CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow (CVE-2008-5286). CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file (CVE-2009-0032). The updated packages have been patched to prevent this.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:028
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : January 24, 2009
 Affected: 2008.0, 2008.1
 _______________________________________________________________________

 Problem Description:

 Security vulnerabilities have been discovered and corrected in CUPS.
 
 CUPS before 1.3.8 allows local users, and possibly remote attackers,
 to cause a denial of service (daemon crash) by adding a large number
 of RSS Subscriptions, which triggers a NULL pointer dereference
 (CVE-2008-5183).
 
 The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the
 guest username when a user is not logged on to the web server, which
 makes it easier for remote attackers to bypass intended policy and
 conduct CSRF attacks via the (1) add and (2) cancel RSS subscription
 functions (CVE-2008-5184).
 
 CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary
 code via a PNG image with a large height value, which bypasses a
 validation check and triggers a buffer overflow (CVE-2008-5286).
 
 CUPS shipped with Mandriva Linux allows local users to overwrite
 arbitrary files via a symlink attack on the /tmp/pdf.log temporary file
 (CVE-2009-0032).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5184
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0032
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 9ff1555139c59b89ea0623dfdfff4de5  2008.0/i586/cups-1.3.6-1.4mdv2008.0.i586.rpm
 3cda60090d2108259f55cdbc6cf372e5  2008.0/i586/cups-common-1.3.6-1.4mdv2008.0.i586.rpm
 1fbbbf89a0341cf430905757bdc6c355  2008.0/i586/cups-serial-1.3.6-1.4mdv2008.0.i586.rpm
 f6eb5a73b984f77e851cb39826ba26a1  2008.0/i586/libcups2-1.3.6-1.4mdv2008.0.i586.rpm
 e8279e8427ef9c3ec9536abe94038423  2008.0/i586/libcups2-devel-1.3.6-1.4mdv2008.0.i586.rpm
 9974e6ad715a853706ec26acf9ca73c3  2008.0/i586/php-cups-1.3.6-1.4mdv2008.0.i586.rpm 
 6f6a298d7935094b6fcd18d39c3de1b7  2008.0/SRPMS/cups-1.3.6-1.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 355ce3cfb79a4aebbdabedb206a32e05  2008.0/x86_64/cups-1.3.6-1.4mdv2008.0.x86_64.rpm
 e3a2b95ac7138318d6cefab0fdf3face  2008.0/x86_64/cups-common-1.3.6-1.4mdv2008.0.x86_64.rpm
 fb0abf9e3d492edd06876b7d4cebe784  2008.0/x86_64/cups-serial-1.3.6-1.4mdv2008.0.x86_64.rpm
 5b5196b27e24fb6ad910563ed884ce2e  2008.0/x86_64/lib64cups2-1.3.6-1.4mdv2008.0.x86_64.rpm
 e8b1cdbba7283ff2e9b76eb498f508d0  2008.0/x86_64/lib64cups2-devel-1.3.6-1.4mdv2008.0.x86_64.rpm
 178ca59986af801a2c29611fa16ce2dd  2008.0/x86_64/php-cups-1.3.6-1.4mdv2008.0.x86_64.rpm 
 6f6a298d7935094b6fcd18d39c3de1b7  2008.0/SRPMS/cups-1.3.6-1.4mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 93a94c922f72f8844e232ed779a8c66c  2008.1/i586/cups-1.3.6-5.3mdv2008.1.i586.rpm
 eccb6a07dd53dbbeb490675c2cf311f0  2008.1/i586/cups-common-1.3.6-5.3mdv2008.1.i586.rpm
 2ad9c7135f6d8a2217d34055ca8f57b3  2008.1/i586/cups-serial-1.3.6-5.3mdv2008.1.i586.rpm
 62d4efcf07165da647db08d6636ac596  2008.1/i586/libcups2-1.3.6-5.3mdv2008.1.i586.rpm
 f0779950606ab9fa83b9de410a7beb70  2008.1/i586/libcups2-devel-1.3.6-5.3mdv2008.1.i586.rpm
 d0bd96dc1aec2dab736d538a7bd49a2b  2008.1/i586/php-cups-1.3.6-5.3mdv2008.1.i586.rpm 
 abd1474014a74c467881ca52b4090ace  2008.1/SRPMS/cups-1.3.6-5.3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 64aca60db93cd3886f58823155e2f982  2008.1/x86_64/cups-1.3.6-5.3mdv2008.1.x86_64.rpm
 2cb2d9467430c4619ed23d37099ad2cc  2008.1/x86_64/cups-common-1.3.6-5.3mdv2008.1.x86_64.rpm
 69b5f842144013c41c946783c898c1db  2008.1/x86_64/cups-serial-1.3.6-5.3mdv2008.1.x86_64.rpm
 243a0d7da4c4e24ac8c7571a202e1627  2008.1/x86_64/lib64cups2-1.3.6-5.3mdv2008.1.x86_64.rpm
 2d4bbbd60d026d3bc272001d447dc5ae  2008.1/x86_64/lib64cups2-devel-1.3.6-5.3mdv2008.1.x86_64.rpm
 e1a2d953fdc0dbb7eda2097f0e4c38e9  2008.1/x86_64/php-cups-1.3.6-5.3mdv2008.1.x86_64.rpm 
 abd1474014a74c467881ca52b4090ace  2008.1/SRPMS/cups-1.3.6-5.3mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.