exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-028

Mandriva Linux Security Advisory 2009-028
Posted Jan 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-028 - Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. The updated packages have been patched to prevent this.

tags | advisory, remote, web, denial of service, overflow, arbitrary, local, cgi, vulnerability
systems | linux, mandriva
advisories | CVE-2008-5183, CVE-2008-5184, CVE-2008-5286, CVE-2009-0032
SHA-256 | 1e8a4108fdf9c2d57d8db1cf6e760cbbcb404476f8da36f8cd8b11ddda80fdbe

Mandriva Linux Security Advisory 2009-028

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:028
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cups
Date : January 24, 2009
Affected: 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

Security vulnerabilities have been discovered and corrected in CUPS.

CUPS before 1.3.8 allows local users, and possibly remote attackers,
to cause a denial of service (daemon crash) by adding a large number
of RSS Subscriptions, which triggers a NULL pointer dereference
(CVE-2008-5183).

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the
guest username when a user is not logged on to the web server, which
makes it easier for remote attackers to bypass intended policy and
conduct CSRF attacks via the (1) add and (2) cancel RSS subscription
functions (CVE-2008-5184).

CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary
code via a PNG image with a large height value, which bypasses a
validation check and triggers a buffer overflow (CVE-2008-5286).

CUPS shipped with Mandriva Linux allows local users to overwrite
arbitrary files via a symlink attack on the /tmp/pdf.log temporary file
(CVE-2009-0032).

The updated packages have been patched to prevent this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0032
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
9ff1555139c59b89ea0623dfdfff4de5 2008.0/i586/cups-1.3.6-1.4mdv2008.0.i586.rpm
3cda60090d2108259f55cdbc6cf372e5 2008.0/i586/cups-common-1.3.6-1.4mdv2008.0.i586.rpm
1fbbbf89a0341cf430905757bdc6c355 2008.0/i586/cups-serial-1.3.6-1.4mdv2008.0.i586.rpm
f6eb5a73b984f77e851cb39826ba26a1 2008.0/i586/libcups2-1.3.6-1.4mdv2008.0.i586.rpm
e8279e8427ef9c3ec9536abe94038423 2008.0/i586/libcups2-devel-1.3.6-1.4mdv2008.0.i586.rpm
9974e6ad715a853706ec26acf9ca73c3 2008.0/i586/php-cups-1.3.6-1.4mdv2008.0.i586.rpm
6f6a298d7935094b6fcd18d39c3de1b7 2008.0/SRPMS/cups-1.3.6-1.4mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
355ce3cfb79a4aebbdabedb206a32e05 2008.0/x86_64/cups-1.3.6-1.4mdv2008.0.x86_64.rpm
e3a2b95ac7138318d6cefab0fdf3face 2008.0/x86_64/cups-common-1.3.6-1.4mdv2008.0.x86_64.rpm
fb0abf9e3d492edd06876b7d4cebe784 2008.0/x86_64/cups-serial-1.3.6-1.4mdv2008.0.x86_64.rpm
5b5196b27e24fb6ad910563ed884ce2e 2008.0/x86_64/lib64cups2-1.3.6-1.4mdv2008.0.x86_64.rpm
e8b1cdbba7283ff2e9b76eb498f508d0 2008.0/x86_64/lib64cups2-devel-1.3.6-1.4mdv2008.0.x86_64.rpm
178ca59986af801a2c29611fa16ce2dd 2008.0/x86_64/php-cups-1.3.6-1.4mdv2008.0.x86_64.rpm
6f6a298d7935094b6fcd18d39c3de1b7 2008.0/SRPMS/cups-1.3.6-1.4mdv2008.0.src.rpm

Mandriva Linux 2008.1:
93a94c922f72f8844e232ed779a8c66c 2008.1/i586/cups-1.3.6-5.3mdv2008.1.i586.rpm
eccb6a07dd53dbbeb490675c2cf311f0 2008.1/i586/cups-common-1.3.6-5.3mdv2008.1.i586.rpm
2ad9c7135f6d8a2217d34055ca8f57b3 2008.1/i586/cups-serial-1.3.6-5.3mdv2008.1.i586.rpm
62d4efcf07165da647db08d6636ac596 2008.1/i586/libcups2-1.3.6-5.3mdv2008.1.i586.rpm
f0779950606ab9fa83b9de410a7beb70 2008.1/i586/libcups2-devel-1.3.6-5.3mdv2008.1.i586.rpm
d0bd96dc1aec2dab736d538a7bd49a2b 2008.1/i586/php-cups-1.3.6-5.3mdv2008.1.i586.rpm
abd1474014a74c467881ca52b4090ace 2008.1/SRPMS/cups-1.3.6-5.3mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
64aca60db93cd3886f58823155e2f982 2008.1/x86_64/cups-1.3.6-5.3mdv2008.1.x86_64.rpm
2cb2d9467430c4619ed23d37099ad2cc 2008.1/x86_64/cups-common-1.3.6-5.3mdv2008.1.x86_64.rpm
69b5f842144013c41c946783c898c1db 2008.1/x86_64/cups-serial-1.3.6-5.3mdv2008.1.x86_64.rpm
243a0d7da4c4e24ac8c7571a202e1627 2008.1/x86_64/lib64cups2-1.3.6-5.3mdv2008.1.x86_64.rpm
2d4bbbd60d026d3bc272001d447dc5ae 2008.1/x86_64/lib64cups2-devel-1.3.6-5.3mdv2008.1.x86_64.rpm
e1a2d953fdc0dbb7eda2097f0e4c38e9 2008.1/x86_64/php-cups-1.3.6-5.3mdv2008.1.x86_64.rpm
abd1474014a74c467881ca52b4090ace 2008.1/SRPMS/cups-1.3.6-5.3mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJe0RhmqjQ0CJFipgRAsXFAKDBJeogydK5chEfSmEpHuVXDsC6xQCgq+vl
JbRgydRjIpXNqGzlnNrqXZI=
=2ydF
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close