CVE-2002-1366
CVSS6.2
发布时间 :2002-12-26 00:00:00
修订时间 :2016-10-17 22:26:20
NMCOS    

[原文]Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.


[CNNVD]CUPS以不安全方式创建临时文件漏洞(CNNVD-200212-068)

        
        Common Unix Printing System (CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。
        CUPS在建立'/etc/cups/certs/'文件存在竞争条件问题,本地攻击者可以利用这个漏洞以高权限在系统中建立或覆盖任意文件。
        由于CUPS建立'/etc/cups/certs/'临时文件不够安全,在建立前没有正确检查文件是否存在,利用符号连接方式可以以高权限建立或者覆盖系统文件,可以导致系统拒绝服务或获得root用户权限。
        

- CVSS (基础分值)

CVSS分值: 6.2 [中等(MEDIUM)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:apple:mac_os_x:10.2Apple Mac OS X 10.2
cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.10
cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:easy_software_products:cups:1.0.4
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:easy_software_products:cups:1.1.14
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:easy_software_products:cups:1.1.1
cpe:/o:apple:mac_os_x:10.2.2Apple Mac OS X 10.2.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1366
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1366
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-068
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
(UNKNOWN)  VULNWATCH  20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://marc.info/?l=bugtraq&m=104032149026670&w=2
(UNKNOWN)  BUGTRAQ  20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://www.debian.org/security/2003/dsa-232
(UNKNOWN)  DEBIAN  DSA-232
http://www.idefense.com/advisory/12.19.02.txt
(UNKNOWN)  MISC  http://www.idefense.com/advisory/12.19.02.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
(UNKNOWN)  MANDRAKE  MDKSA-2003:001
http://www.novell.com/linux/security/advisories/2003_002_cups.html
(UNKNOWN)  SUSE  SuSE-SA:2003:002
http://www.redhat.com/support/errata/RHSA-2002-295.html
(UNKNOWN)  REDHAT  RHSA-2002:295
http://www.securityfocus.com/bid/6435
(UNKNOWN)  BID  6435
http://xforce.iss.net/xforce/xfdb/10907
(VENDOR_ADVISORY)  XF  cups-certs-race-condition(10907)

- 漏洞信息

CUPS以不安全方式创建临时文件漏洞
中危 竞争条件
2002-12-26 00:00:00 2005-05-13 00:00:00
本地  
        
        Common Unix Printing System (CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。
        CUPS在建立'/etc/cups/certs/'文件存在竞争条件问题,本地攻击者可以利用这个漏洞以高权限在系统中建立或覆盖任意文件。
        由于CUPS建立'/etc/cups/certs/'临时文件不够安全,在建立前没有正确检查文件是否存在,利用符号连接方式可以以高权限建立或者覆盖系统文件,可以导致系统拒绝服务或获得root用户权限。
        

- 公告与补丁

        厂商补丁:
        Apple
        -----
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Apple MacOS X 10.2.3和MacOS X Server 10.2.3不受此漏洞影响。
        升级程序:
        Apple MacOS X 10.2 (Jaguar):
        Apple Upgrade MacOSXUpdateCombo10.2.3.dmg
        
        http://www.info.apple.com/kbnum/n120164

        Apple MacOS X 10.2.2:
        Apple Upgrade MacOSXUpdate10.2.3.dmg
        
        http://www.info.apple.com/kbnum/n120165

        Easy Software Products
        ----------------------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Easy Software Products Upgrade CUPS 1.1.18
        
        http://www.cups.org/software.html

- 漏洞信息

10739
CUPS lp Privilege Arbitrary File Creation/Overwrite

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-12-19 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

CUPS Insecure Temporary File Creation Vulnerability
Race Condition Error 6435
No Yes
2002-12-19 12:00:00 2009-07-11 07:16:00
Discovered by zen-parse.

- 受影响的程序版本

Easy Software Products CUPS 1.1.17
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Easy Software Products CUPS 1.1.16
+ Mandriva Linux Mandrake 9.0
Easy Software Products CUPS 1.1.15
+ Conectiva Linux Enterprise Edition 1.0
+ S.u.S.E. Linux 8.1
Easy Software Products CUPS 1.1.14
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.12
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Easy Software Products CUPS 1.1.10
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Easy Software Products CUPS 1.1.7
Easy Software Products CUPS 1.1.6
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Easy Software Products CUPS 1.1.4
+ Debian Linux 2.3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.1
+ RedHat PowerTools 7.0
Easy Software Products CUPS 1.0.4
+ Debian Linux 2.2
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2
Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Apple Mac OS X 10.2.3

- 不受影响的程序版本

Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Apple Mac OS X 10.2.3

- 漏洞讨论

It has been reported that some versions of CUPS may create temporary files in an insecure manner.

The vulnerability occurs when creating the '/etc/cups/certs/<pid>' file. An attacker can exploit this vulnerability to create or overwrite any file with elevated privileges.

Successful exploitation is time dependent and require the attacker to obtain the 'lp' user privileges.

- 漏洞利用

iDefense has developed a functional exploit, however it has not been released to the public.

- 解决方案

Conectiva has released advisory CLA-2003:702 to address this issue. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

It is recommended that all Gentoo Linux users who are running
net-print/cups-1.1.17_pre20021025 or earlier update their systems as
follows:

emerge rsync
emerge cups
emerge clean

Debian has released a security advisory (DSA 232-1) containing fixes. Users are advised to upgrade as soon as possible.

** Debian has released an updated advisory (DSA 232-2) containing links to corrected fixes containing the proper dependencies for libPNG.

This vulnerability is eliminated in CUPS 1.1.18. Red Hat is currently developing fixes. Apple MacOS X 10.2.3 and MacOS X Server 10.2.3 are not vulnerable.


Easy Software Products CUPS 1.0.4

Easy Software Products CUPS 1.1.1

Easy Software Products CUPS 1.1.10

Easy Software Products CUPS 1.1.12

Easy Software Products CUPS 1.1.13

Easy Software Products CUPS 1.1.14

Easy Software Products CUPS 1.1.15

Easy Software Products CUPS 1.1.16

Easy Software Products CUPS 1.1.17

Easy Software Products CUPS 1.1.4

Easy Software Products CUPS 1.1.6

Easy Software Products CUPS 1.1.7

Apple Mac OS X 10.2

Apple Mac OS X 10.2.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站