CVE-2002-1371
CVSS 7.5
Published: 2002-12-26 00:00:00
Revised: 2016-10-17 22:26:25

[Original] filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.


[CNNVD] CUPS image filter GIF zero-width memory corruption vulnerability (CNNVD-200212-067)

        
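        Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments. It is based on the Internet Printing Protocol and provides services for most PostScript and raster printers.
        The CUPS image filter does not correctly handle GIF files whose width is zero. A remote attacker can exploit this vulnerability to carry out a denial-of-service attack against CUPS, and may be able to execute arbitrary instructions on the system with the privileges of the CUPS process.
        The image filter code in filters/image-gif.c does not properly check for GIF files whose image width is zero: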
         bpp = ImageGetDepth(img);
         pixels = calloc(bpp, img->xsize);
        ...
         xpos ++;
         temp += bpp;
         if (xpos == img->xsize)
         {
         ImagePutRow(img, 0, ypos, img->xsize, pixels); ...
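        If an attacker sends a specially crafted GIF file, memory structures may be corrupted and arbitrary instructions executed on the system with the privileges of the CUPS process.
        Red Hat Linux and Apple MacOS X do not install CUPS by default.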
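
An added example, not code from CUPS or from the original entry: a C version of the checks the excerpt above lacks. In the excerpt, a width of zero gives a zero-sized calloc, and after xpos ++ the test xpos == img->xsize can never be true, so temp keeps advancing. The function names, the MAX_DIM limit and the use of the GIF logical screen descriptor as the width source are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_DIM 16384u /* assumed policy limit, not a CUPS constant */

/* Read width/height from the GIF logical screen descriptor (bytes 6..9,
 * little-endian) and reject zero or oversized values. 0 = ok, -1 = reject. */
int gif_check_dims(const uint8_t *buf, size_t len, unsigned *w, unsigned *h)
{
    if (len < 10 || (memcmp(buf, "GIF87a", 6) && memcmp(buf, "GIF89a", 6)))
        return -1;
    *w = buf[6] | ((unsigned)buf[7] << 8);
    *h = buf[8] | ((unsigned)buf[9] << 8);
    return (*w == 0 || *h == 0 || *w > MAX_DIM || *h > MAX_DIM) ? -1 : 0;
}

/* Hardened shape of the excerpt's pixel loop. Returns rows completed,
 * or -1 when the dimensions are rejected before any allocation. */
int gif_fill_rows(unsigned xsize, unsigned ysize, unsigned bpp,
                  const uint8_t *src, size_t npix)
{
    if (xsize == 0 || ysize == 0 || xsize > MAX_DIM || bpp == 0 || bpp > 4)
        return -1;
    uint8_t *pixels = calloc(xsize, bpp);
    if (pixels == NULL) return -1;
    unsigned xpos = 0, ypos = 0;
    uint8_t *temp = pixels;
    for (size_t i = 0; i < npix && ypos < ysize; i++) {
        memset(temp, src[i], bpp); /* stand-in for the colormap lookup */
        xpos++;
        temp += bpp;
        if (xpos >= xsize) {       /* >= : the row end cannot be skipped */
            xpos = 0;              /* ImagePutRow() would be called here */
            temp = pixels;
            ypos++;
        }
    }
    free(pixels);
    return (int)ypos;
}

int main(void)
{
    /* Constructed header: valid signature, width 0, height 1. */
    const uint8_t hdr[10] = {'G','I','F','8','9','a', 0, 0, 1, 0};
    unsigned w, h;
    return gif_check_dims(hdr, sizeof hdr, &w, &h) == -1 ? 0 : 1;
}
```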
        

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.4_2
cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:easy_software_products:cups:1.1.4_3
cpe:/a:easy_software_products:cups:1.0.4
cpe:/a:easy_software_products:cups:1.1.4_5
cpe:/o:apple:mac_os_x:10.2 Apple Mac OS X 10.2
cpe:/a:easy_software_products:cups:1.1.10
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:easy_software_products:cups:1.1.14
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:easy_software_products:cups:1.1.1
cpe:/o:apple:mac_os_x:10.2.2 Apple Mac OS X 10.2.2
cpe:/a:easy_software_products:cups:1.0.4_8

- OVAL (technical details used for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1371
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1371
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-067
(Official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
(UNKNOWN)  VULNWATCH  20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
(UNKNOWN)  CONECTIVA  CLSA-2003:702
http://marc.info/?l=bugtraq&m=104032149026670&w=2
(UNKNOWN)  BUGTRAQ  20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://www.debian.org/security/2003/dsa-232
(UNKNOWN)  DEBIAN  DSA-232
http://www.idefense.com/advisory/12.19.02.txt
(VENDOR_ADVISORY)  MISC  http://www.idefense.com/advisory/12.19.02.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
(UNKNOWN)  MANDRAKE  MDKSA-2003:001
http://www.novell.com/linux/security/advisories/2003_002_cups.html
(UNKNOWN)  SUSE  SuSE-SA:2003:002
http://www.redhat.com/support/errata/RHSA-2002-295.html
(UNKNOWN)  REDHAT  RHSA-2002:295
http://www.securityfocus.com/bid/6439
(UNKNOWN)  BID  6439
http://xforce.iss.net/xforce/xfdb/10911
(VENDOR_ADVISORY)  XF  cups-zero-width-images(10911)

- Vulnerability information

CUPS image filter GIF zero-width memory corruption vulnerability
High risk  Boundary condition error
2002-12-26 00:00:00 2006-01-18 00:00:00
Remote
        
        

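- Advisories and patches

        Vendor patches:
        Apple
        -----
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
        Apple MacOS X 10.2.3 and MacOS X Server 10.2.3 are not affected by this vulnerability.
        Upgrades: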
        Apple MacOS X 10.2 (Jaguar):
        Apple Upgrade MacOSXUpdateCombo10.2.3.dmg
        
        http://www.info.apple.com/kbnum/n120164

        Apple MacOS X 10.2.2:
        Apple Upgrade MacOSXUpdate10.2.3.dmg
        
        http://www.info.apple.com/kbnum/n120165

        Easy Software Products
        ----------------------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
        Easy Software Products Upgrade CUPS 1.1.18
        
        http://www.cups.org/software.html

- Vulnerability information

10743
CUPS image-gif.c Zero-Length GIF Image Header Arbitrary Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- Vulnerability description

CUPS contains a flaw that may allow a malicious user to execute arbitrary code. The issue is due to image-gif.c improperly handling zero width GIF images. By sending a specially crafted image with the chunk headers, a remote attacker can corrupt memory and execute arbitrary code, resulting in a loss of integrity.

- Timeline

2002-12-19 Unknown
Unknown 2003-01-13

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Easy Software Products has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

CUPS Image Filter Zero Width GIF Memory Corruption Vulnerability
Boundary Condition Error 6439
Yes No
2002-12-19 12:00:00 2009-07-11 07:17:00
Discovered by zen-parse.

- Affected program versions

Easy Software Products CUPS 1.1.17
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Easy Software Products CUPS 1.1.16
+ Mandriva Linux Mandrake 9.0
Easy Software Products CUPS 1.1.15
+ Conectiva Linux Enterprise Edition 1.0
+ S.u.S.E. Linux 8.1
Easy Software Products CUPS 1.1.14
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.10
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Easy Software Products CUPS 1.1.7
Easy Software Products CUPS 1.1.6
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Easy Software Products CUPS 1.1.4 -5
Easy Software Products CUPS 1.1.4 -3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.4 -2
+ Debian Linux 2.3
Easy Software Products CUPS 1.1.4
+ Debian Linux 2.3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.1
+ RedHat PowerTools 7.0
Easy Software Products CUPS 1.0.4 -8
+ Debian Linux 2.2
Easy Software Products CUPS 1.0.4
+ Debian Linux 2.2
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2
Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Apple Mac OS X 10.2.3

- Unaffected program versions

Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Apple Mac OS X 10.2.3

- Vulnerability discussion

CUPS image filters do not properly handle GIF files with a width field set to zero. As a result, if an attacker submits a properly malformed image, it may be possible to corrupt memory with attacker-supplied data.

Successful exploitation will result in arbitrary code execution in the security context of CUPS. The attacker must be able to cause the malformed image to be processed by CUPS to exploit this issue.

- Exploit

iDefense has developed a functional exploit, however it has not been released to the public.

- Solution

Conectiva has released advisory CLA-2003:702 to address this issue. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

It is recommended that all Gentoo Linux users who are running
net-print/cups-1.1.17_pre20021025 or earlier update their systems as
follows:

emerge rsync
emerge cups
emerge clean

Debian has released a security advisory (DSA 232-1) containing fixes. Users are advised to upgrade as soon as possible.

** Debian has released an updated advisory (DSA 232-2) containing links to corrected fixes containing the proper dependencies for libPNG.

This vulnerability is eliminated in CUPS 1.1.18. Red Hat is currently developing fixes. Apple MacOS X 10.2.3 and MacOS X Server 10.2.3 are not vulnerable.


Easy Software Products CUPS 1.0.4 -8

Easy Software Products CUPS 1.0.4

Easy Software Products CUPS 1.1.1

Easy Software Products CUPS 1.1.10

Easy Software Products CUPS 1.1.13

Easy Software Products CUPS 1.1.14

Easy Software Products CUPS 1.1.15

Easy Software Products CUPS 1.1.16

Easy Software Products CUPS 1.1.17

Easy Software Products CUPS 1.1.4 -5

Easy Software Products CUPS 1.1.4 -2

Easy Software Products CUPS 1.1.4

Easy Software Products CUPS 1.1.4 -3

Easy Software Products CUPS 1.1.6

Easy Software Products CUPS 1.1.7

Apple Mac OS X 10.2

Apple Mac OS X 10.2.2

- Related references

 

 
