exploit the possibilities

Mandriva Linux Security Advisory 2012-179

Mandriva Linux Security Advisory 2012-179
Posted Dec 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-179 - CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. The updated packages have been patched to correct this issue.

tags | advisory, web, arbitrary, local, root
systems | linux, debian, mandriva
advisories | CVE-2012-5519
MD5 | f95cddfd2254c8bbd5ef41869f285de4

Mandriva Linux Security Advisory 2012-179

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:179
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cups
Date : December 12, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in cups:

CUPS 1.4.4, when running in certain Linux distributions such as
Debian GNU/Linux, stores the web interface administrator key in
/var/run/cups/certs/0 using certain permissions, which allows local
users in the lpadmin group to read or write arbitrary files as root
by leveraging the web interface (CVE-2012-5519).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
http://www.cups.org/str.php?L4223
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
621faa1bcabbfe6c820f34d323b15ed6 2011/i586/cups-1.4.8-2.2-mdv2011.0.i586.rpm
67c994f6deab1ec43abfc03bc469fde3 2011/i586/cups-common-1.4.8-2.2-mdv2011.0.i586.rpm
0eb1e071e924b8fbcba7782c861d0faa 2011/i586/cups-serial-1.4.8-2.2-mdv2011.0.i586.rpm
d82bafdbffa2843e8c87f44ff38f09bd 2011/i586/libcups2-1.4.8-2.2-mdv2011.0.i586.rpm
b91e9da16dc9d1dbc69ad8a32c591609 2011/i586/libcups2-devel-1.4.8-2.2-mdv2011.0.i586.rpm
76d0886860017257283b49f07948c8a2 2011/i586/php-cups-1.4.8-2.2-mdv2011.0.i586.rpm
15055e0d0e17ea5189cf29590e535c95 2011/SRPMS/cups-1.4.8-2.2.src.rpm

Mandriva Linux 2011/X86_64:
63a3439642483ba8b58964b050440eb7 2011/x86_64/cups-1.4.8-2.2-mdv2011.0.x86_64.rpm
667e8c1b429aa470a25cce5bcaa58a81 2011/x86_64/cups-common-1.4.8-2.2-mdv2011.0.x86_64.rpm
2acfd14c74298e32bca2c2d63f50078b 2011/x86_64/cups-serial-1.4.8-2.2-mdv2011.0.x86_64.rpm
124d5cba345b9f712b123a9e426629a2 2011/x86_64/lib64cups2-1.4.8-2.2-mdv2011.0.x86_64.rpm
4c427f6d8051690096192651701d63cc 2011/x86_64/lib64cups2-devel-1.4.8-2.2-mdv2011.0.x86_64.rpm
cf9ef4e6d1e4c5902915e51ab6443778 2011/x86_64/php-cups-1.4.8-2.2-mdv2011.0.x86_64.rpm
15055e0d0e17ea5189cf29590e535c95 2011/SRPMS/cups-1.4.8-2.2.src.rpm

Mandriva Enterprise Server 5:
7a7947b4348b46d88771c86d71bf93a8 mes5/i586/cups-1.3.10-0.6mdvmes5.2.i586.rpm
6be2cef2bb36f325fd2f39c382c691b5 mes5/i586/cups-common-1.3.10-0.6mdvmes5.2.i586.rpm
7797b6be2eda38cbe9b02aafdcf4382d mes5/i586/cups-serial-1.3.10-0.6mdvmes5.2.i586.rpm
341ec5bea5633ff702737e0bc41e866a mes5/i586/libcups2-1.3.10-0.6mdvmes5.2.i586.rpm
73c5dedc648f96b4cc596aae5a91d888 mes5/i586/libcups2-devel-1.3.10-0.6mdvmes5.2.i586.rpm
f4f93fb5602887b9d89d6f9824170d96 mes5/i586/php-cups-1.3.10-0.6mdvmes5.2.i586.rpm
25d5330e8744ddd498da35eb63d9c423 mes5/SRPMS/cups-1.3.10-0.6mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
4245234df94e9a8b3b2b5cea86c84b9f mes5/x86_64/cups-1.3.10-0.6mdvmes5.2.x86_64.rpm
ba51ee8a0d66e4241da0728aaabd9ec2 mes5/x86_64/cups-common-1.3.10-0.6mdvmes5.2.x86_64.rpm
5e0b48292098166e884cd4e39b68211e mes5/x86_64/cups-serial-1.3.10-0.6mdvmes5.2.x86_64.rpm
b6259d9d194e3f2944ccb691d331109e mes5/x86_64/lib64cups2-1.3.10-0.6mdvmes5.2.x86_64.rpm
9a631b030200ffad1f6765d07b63faad mes5/x86_64/lib64cups2-devel-1.3.10-0.6mdvmes5.2.x86_64.rpm
b575b13ff39b05c14922702bec3acfcc mes5/x86_64/php-cups-1.3.10-0.6mdvmes5.2.x86_64.rpm
25d5330e8744ddd498da35eb63d9c423 mes5/SRPMS/cups-1.3.10-0.6mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQyI3wmqjQ0CJFipgRAvI+AJwLllv72jGuBMfZvcrwmtUdioHA3QCdHKOK
xlTaJDfD2DO3j2YqWIOaX0Y=
=lwFY
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close