Date: 11 October 2004
References: ESB-2004.0576 ESB-2004.0577
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2004.0635 -- Sun(sm) Alert Notification - Sun Alert ID: 57646
Security Vulnerabilities in Common Unix Printing System (CUPS) May Allow a
Remote Unprivileged User to Execute Arbitrary Code
11 October 2004
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: CUPS
Publisher: Sun Microsystems
Operating System: Solaris
UNIX variants
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CAN-2004-0801 CAN-2004-0558
Ref: ESB-2004.0577
ESB-2004.0576
Original Bulletin URL: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-57646-1
Sun(sm) Alert Notification
* Sun Alert ID: 57646
* Synopsis: Security Vulnerabilities in Common Unix Printing System
(CUPS) May Allow a Remote Unprivileged User to Execute Arbitrary
Code
* Category: Security
* Product: Sun Java Desktop System (JDS)
* BugIDs: 5102516
* Avoidance: Patch
* State: Resolved
* Date Released:
* Date Closed:
* Date Modified:
1. Impact
Due to improper command line and environment variable validation, a
remote or local unprivileged user may be able to execute arbitrary
commands with the privileges of the CUPS daemon (cupsd(8)), which is
typically the unprivileged "lp" user. Furthermore, a remote Denial of
Service (DoS) condition within CUPS may allow remote unprivileged
users to cause the CUPS server to become unresponsive.
Note: The Common Unix Printing System (CUPS) is a cross-platform
printing solution for all UNIX environments. It is based on the
Internet Printing Protocol (IPP) and provides complete printing
services to most PostScript and raster printers.
These issues are described in the following documents:
* SUSE-SA:2004:031 at
[2]http://www.suse.com/de/security/2004_31_cups.html
* CAN-2004-0801 at
[3]http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0801
* CAN-2004-0558 at
[4]http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
2. Contributing Factors
These issues can occur in the following releases:
Linux
* Sun Java Desktop System (JDS) 2003 without the updated RPMs
(patch-9321)
* Sun Java Desktop System (JDS) Release 2 without the updated RPMs
(patch-9321)
Note: JDS for Solaris is not impacted by these issues.
These issues only occur with CUPS versions cups-libs-1.1.15-150 or
earlier.
To determine the release of JDS for Linux installed on a system, the
following command can be run:
% cat /etc/sun-release
Sun Java Desktop System, Release 2 -build 10b (GA)
Assembled 30 March 2004
To determine the version of CUPS, the following command can be run:
% rpm -qf /usr/lib/libcups.so.2
cups-libs-1.1.15-1
3. Symptoms
There are no reliable symptoms that would show the buffer overflow
issue described has been exploited. The CUPS daemon cupsd(8) will
become unresponsive when the Denial of Service (DoS) attack has been
exploited.
Solution Summary [5]Top
4. Relief/Workaround
There is no workaround. Please see the "Resolution" section below.
5. Resolution
These issues are addressed in the following releases:
Linux
* Sun Java Desktop System (JDS) 2003 with the updated RPMs
(patch-9321)
* Sun Java Desktop System (JDS) Release 2 with the updated RPMs
(patch-9321)
To download and install the updated RPMs from the update servers
select the following from the launch bar:
Launch >> Applications >> System Tools >> Online Update
For more information on obtaining updates see:
* [6]http://wwws.sun.com/software/javadesktopsystem/faq.html#5q5
* [7]http://wwws.sun.com/software/javadesktopsystem/faq.html#5q7
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2004 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
References
1. http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-57646-1#top
2. http://www.suse.com/de/security/2004_31_cups.html
3. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0801
4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
5. http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-57646-1#top
6. http://wwws.sun.com/software/javadesktopsystem/faq.html#5q5
7. http://wwws.sun.com/software/javadesktopsystem/faq.html#5q7
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQWnXvSh9+71yA2DNAQLNrAP7BxnA66N9fAOaSqPQz/EBnTdvJnlQ/hSj
BpT3+3hmx1l7GkG2fZpTn9hNVJJz60xRq8CpegzhIHmKhBYDZyryUn07YUIGfLh5
F47d1hyXeiIHCY0hPo9mbj6UEFLdm2Lnoa6W67xqCvf0mwMGKx1w7m6I1+y3BVfI
YG1aOhmNTuE=
=g+SG
-----END PGP SIGNATURE-----
|