CVE-2002-1369
CVSS 10.0
Published: 2002-12-26 00:00:00
Revised: 2016-10-17 22:26:24

[Original] jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.


[CNNVD] CUPS strncat() Function Call Remote Buffer Overflow Vulnerability (CNNVD-200212-071)

        
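        Common Unix Printing System (CUPS) is a general-purpose Unix printing system: a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, that provides services for most PostScript and raster printers.
        The CUPS daemon uses the strncat() function call incorrectly. A remote attacker can exploit this vulnerability to carry out a buffer overflow attack and may be able to execute arbitrary commands on the system with root privileges.
        When the CUPS daemon receives specially crafted printer attributes, a buffer overflow is triggered when the strncat() function is used, corrupting stack memory with attacker-supplied values. Combined with other CUPS vulnerabilities, this may allow arbitrary commands to be executed on the system with root privileges.
        CUPS is not installed by default on Red Hat Linux and Apple MacOS X systems.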
        

- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.4_2
cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:easy_software_products:cups:1.1.4_3
cpe:/a:easy_software_products:cups:1.0.4
cpe:/a:easy_software_products:cups:1.1.4_5
cpe:/o:apple:mac_os_x:10.2 Apple Mac OS X 10.2
cpe:/a:easy_software_products:cups:1.1.10
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:easy_software_products:cups:1.1.14
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:easy_software_products:cups:1.1.1
cpe:/o:apple:mac_os_x:10.2.2 Apple Mac OS X 10.2.2
cpe:/a:easy_software_products:cups:1.0.4_8

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1369
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1369
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-071
(Official data source) CNNVD

- Other Links and Resources

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
(UNKNOWN)  VULNWATCH  20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
(UNKNOWN)  CONECTIVA  CLSA-2003:702
http://marc.info/?l=bugtraq&m=104032149026670&w=2
(UNKNOWN)  BUGTRAQ  20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://www.debian.org/security/2003/dsa-232
(UNKNOWN)  DEBIAN  DSA-232
http://www.idefense.com/advisory/12.19.02.txt
(VENDOR_ADVISORY)  MISC  http://www.idefense.com/advisory/12.19.02.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
(UNKNOWN)  MANDRAKE  MDKSA-2003:001
http://www.novell.com/linux/security/advisories/2003_002_cups.html
(UNKNOWN)  SUSE  SuSE-SA:2003:002
http://www.redhat.com/support/errata/RHSA-2002-295.html
(UNKNOWN)  REDHAT  RHSA-2002:295
http://www.securityfocus.com/bid/6438
(UNKNOWN)  BID  6438
http://xforce.iss.net/xforce/xfdb/10910
(VENDOR_ADVISORY)  XF  cups-strncat-options-bo(10910)

- Vulnerability Information

CUPS strncat() Function Call Remote Buffer Overflow Vulnerability
Critical  Boundary Condition Error
2002-12-26 00:00:00 2005-05-13 00:00:00
Remote
        
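        Common Unix Printing System (CUPS) is a general-purpose Unix printing system: a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, that provides services for most PostScript and raster printers.
        The CUPS daemon uses the strncat() function call incorrectly. A remote attacker can exploit this vulnerability to carry out a buffer overflow attack and may be able to execute arbitrary commands on the system with root privileges.
        When the CUPS daemon receives specially crafted printer attributes, a buffer overflow is triggered when the strncat() function is used, corrupting stack memory with attacker-supplied values. Combined with other CUPS vulnerabilities, this may allow arbitrary commands to be executed on the system with root privileges.
        CUPS is not installed by default on Red Hat Linux and Apple MacOS X systems.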
        

- Advisories and Patches

        Vendor patches:
        Apple
        -----
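        The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:
        Apple MacOS X 10.2.3 and MacOS X Server 10.2.3 are not affected by this vulnerability.
        Upgrade packages: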
        Apple MacOS X 10.2 (Jaguar):
        Apple Upgrade MacOSXUpdateCombo10.2.3.dmg
        
        http://www.info.apple.com/kbnum/n120164

        Apple MacOS X 10.2.2:
        Apple Upgrade MacOSXUpdate10.2.3.dmg
        
        http://www.info.apple.com/kbnum/n120165

        Easy Software Products
        ----------------------
        The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:
        Easy Software Products Upgrade CUPS 1.1.18
        
        http://www.cups.org/software.html

- Vulnerability Information

10742
CUPS jobs.c Options Strings Remote Overflow
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown Vendor Verified

- Vulnerability Description

A remote overflow exists in CUPS, which fails to check user-supplied input for printer attributes before being passed to the strncpy() function, resulting in a buffer overflow. With a specially crafted request, an attacker can cause stack corruption allowing them to crash the service or potentially execute arbitrary code.

- Timeline

2002-12-19 2002-12-19
Unknown 2002-12-12

- Solution

Upgrade to version 1.1.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

CUPS strncat() Function Call Buffer Overflow Vulnerability
Boundary Condition Error 6438
Yes No
2002-12-19 12:00:00 2009-07-11 07:16:00
Discovered by zen-parse.

- Affected Program Versions

Easy Software Products CUPS 1.1.17
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Easy Software Products CUPS 1.1.16
+ Mandriva Linux Mandrake 9.0
Easy Software Products CUPS 1.1.15
+ Conectiva Linux Enterprise Edition 1.0
+ S.u.S.E. Linux 8.1
Easy Software Products CUPS 1.1.14
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.12
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Easy Software Products CUPS 1.1.10
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Easy Software Products CUPS 1.1.7
Easy Software Products CUPS 1.1.6
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Easy Software Products CUPS 1.1.4 -5
Easy Software Products CUPS 1.1.4 -3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.4 -2
+ Debian Linux 2.3
Easy Software Products CUPS 1.1.4
+ Debian Linux 2.3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.1
+ RedHat PowerTools 7.0
Easy Software Products CUPS 1.0.4 -8
+ Debian Linux 2.2
Easy Software Products CUPS 1.0.4
+ Debian Linux 2.2
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2
Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Apple Mac OS X 10.2.3

- Unaffected Program Versions

Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Apple Mac OS X 10.2.3

- Vulnerability Discussion

A vulnerability has been reported for CUPS that may allow attackers to execute code with root privileges. Reportedly, some functions in the CUPS daemon use the strncat() function call improperly.

When the CUPS daemon receives specially constructed printer attributes, it will trigger a buffer overflow condition when the strncat() function is used and may result in the corruption of sensitive memory with attacker-supplied values.

It may be possible for an attacker to execute code with root privileges by exploiting this vulnerability.

It should be noted that CUPS is not enabled by default in Red Hat Linux
and Apple MacOS X.

- Exploit

iDefense has developed a functional exploit; however, it has not been released to the public.

- Solution

Conectiva has released advisory CLA-2003:702 to address this issue. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

It is recommended that all Gentoo Linux users who are running
net-print/cups-1.1.17_pre20021025 or earlier update their systems as
follows:

emerge rsync
emerge cups
emerge clean

Debian has released a security advisory (DSA 232-1) containing fixes. Users are advised to upgrade as soon as possible.

** Debian has released an updated advisory (DSA 232-2) containing links to corrected fixes containing the proper dependencies for libPNG.

This vulnerability is eliminated in CUPS 1.1.18. Red Hat is currently developing fixes. Apple MacOS X 10.2.3 and MacOS X Server 10.2.3 are not vulnerable.


Easy Software Products CUPS 1.0.4 -8

Easy Software Products CUPS 1.0.4

Easy Software Products CUPS 1.1.1

Easy Software Products CUPS 1.1.10

Easy Software Products CUPS 1.1.12

Easy Software Products CUPS 1.1.13

Easy Software Products CUPS 1.1.14

Easy Software Products CUPS 1.1.15

Easy Software Products CUPS 1.1.16

Easy Software Products CUPS 1.1.17

Easy Software Products CUPS 1.1.4 -5

Easy Software Products CUPS 1.1.4 -2

Easy Software Products CUPS 1.1.4

Easy Software Products CUPS 1.1.4 -3

Easy Software Products CUPS 1.1.6

Easy Software Products CUPS 1.1.7

Apple Mac OS X 10.2

Apple Mac OS X 10.2.2

- Related References

 

 
