Debian DSA-232-1 : cupsys - several vulnerabilities

critical Nessus Plugin ID 15069

Synopsis

The remote Debian host is missing a security-related update.

Description

Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS). Several of these issues represent the potential for a remote compromise or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems :

- CAN-2002-1383: Multiple integer overflows allow a remote attacker to execute arbitrary code via the CUPSd HTTP interface and the image handling code in CUPS filters.
- CAN-2002-1366: Race conditions in connection with /etc/cups/certs/ allow local users with lp privileges to create or overwrite arbitrary files. This is not present in the potato version.

- CAN-2002-1367: This vulnerability allows a remote attacker to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a 'need authorization' page.

- CAN-2002-1368: Negative lengths fed into memcpy() can cause a denial of service and possibly execute arbitrary code.

- CAN-2002-1369: An unsafe strncat() function call processing the options string allows a remote attacker to execute arbitrary code via a buffer overflow.

- CAN-2002-1371: Zero width images allows a remote attacker to execute arbitrary code via modified chunk headers.

- CAN-2002-1372: CUPS does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service.

- CAN-2002-1384: The cupsys package contains some code from the xpdf package, used to convert PDF files for printing, which contains an exploitable integer overflow bug. This is not present in the potato version.

Even though we tried very hard to fix all problems in the packages for potato as well, the packages may still contain other security related problems. Hence, we advise users of potato systems using CUPS to upgrade to woody soon.

Solution

Upgrade the CUPS packages immediately.

For the current stable distribution (woody), these problems have been fixed in version 1.1.14-4.3.

For the old stable distribution (potato), these problems have been fixed in version 1.0.4-12.1.

See Also

http://www.idefense.com/advisory/12.19.02.txt

http://www.debian.org/security/2003/dsa-232

Plugin Details

Severity: Critical

ID: 15069

File Name: debian_DSA-232.nasl

Version: 1.29

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:2.2, cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:cupsys

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/20/2003

Vulnerability Publication Date: 12/19/2002

Reference Information

CVE: CVE-2002-1366, CVE-2002-1367, CVE-2002-1368, CVE-2002-1369, CVE-2002-1371, CVE-2002-1372, CVE-2002-1383, CVE-2002-1384

BID: 6435, 6475, 6436, 6437, 6438, 6440, 6439

DSA: 232