exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2010-072

Mandriva Linux Security Advisory 2010-072
Posted Apr 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-072 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, local, xss
systems | linux, mandriva
advisories | CVE-2009-2820, CVE-2010-0393
SHA-256 | 87a1b81e834c7351f9b23a53bf106959914ab7a068d03785563229a2e13f2d5f

Mandriva Linux Security Advisory 2010-072

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:072
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cups
Date : April 14, 2010
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in cups:

CUPS in does not properly handle (1) HTTP headers and (2) HTML
templates, which allows remote attackers to conduct cross-site
scripting (XSS) attacks and HTTP response splitting attacks via vectors
related to (a) the product's web interface, (b) the configuration of
the print system, and (c) the titles of printed jobs (CVE-2009-2820).

The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS
1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable
to determine the file that provides localized message strings, which
allows local users to gain privileges via a file that contains crafted
localization data with format string specifiers (CVE-2010-0393).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0393
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
740c074b463cb19e228e8452d654ff77 corporate/4.0/i586/cups-1.2.4-0.13.20060mlcs4.i586.rpm
b4efdba1af730183bf665ba19eef5e41 corporate/4.0/i586/cups-common-1.2.4-0.13.20060mlcs4.i586.rpm
3b0c57f1c8aff54f44a8757832b388a7 corporate/4.0/i586/cups-serial-1.2.4-0.13.20060mlcs4.i586.rpm
e32253a438c2783e88fdba9308c53b34 corporate/4.0/i586/libcups2-1.2.4-0.13.20060mlcs4.i586.rpm
2ef500ce86c081c4715764209a9cd65e corporate/4.0/i586/libcups2-devel-1.2.4-0.13.20060mlcs4.i586.rpm
286f41821b5b92627f756db7437b0047 corporate/4.0/i586/php-cups-1.2.4-0.13.20060mlcs4.i586.rpm
dbac43650b92f93f745be6451d30f11f corporate/4.0/SRPMS/cups-1.2.4-0.13.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
45551f204c08ad1bd602cabecbb23dc5 corporate/4.0/x86_64/cups-1.2.4-0.13.20060mlcs4.x86_64.rpm
e836b68917a8dc53436410fd55723a5b corporate/4.0/x86_64/cups-common-1.2.4-0.13.20060mlcs4.x86_64.rpm
1a78d7675b0ea5497ae044ef70a8fb1f corporate/4.0/x86_64/cups-serial-1.2.4-0.13.20060mlcs4.x86_64.rpm
fd3d6e9b3c899ecd475acfc9d5ad12b5 corporate/4.0/x86_64/lib64cups2-1.2.4-0.13.20060mlcs4.x86_64.rpm
07561e3bd8e757ed1ccd9a343a847d61 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.13.20060mlcs4.x86_64.rpm
09541108666b89cad59b723949e4fea1 corporate/4.0/x86_64/php-cups-1.2.4-0.13.20060mlcs4.x86_64.rpm
dbac43650b92f93f745be6451d30f11f corporate/4.0/SRPMS/cups-1.2.4-0.13.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLxahkmqjQ0CJFipgRAsnrAJ4hIErd0YfzlqHNjOXCKLpzqluKYwCfcdHo
ZXN+jQ9LKCAGJg8zlt2se4k=
=hh1R
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close