CVE-2002-1383
CVSS 10.0
Published: 2002-12-26 00:00:00
Last revised: 2016-10-17 22:26:37

[Original] Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.


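[CNNVD] CUPS HTTP Interface Integer Overflow Vulnerability (CNNVD-200212-075)

        The Common Unix Printing System (CUPS) is a general-purpose printing system for Unix, a cross-platform printing solution for Unix environments that is based on the Internet Printing Protocol and provides services for most PostScript and raster printers.
        The HTTP service component of CUPS has an integer overflow; a remote attacker can exploit it to execute arbitrary instructions on the system with the privileges of user 'lp' and group 'sys'.
        The HTTP component includes the file cgi-bin/var.c, which contains the following code: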
        var = form_vars + form_count;
        var->name = strdup(name);
        var->nvalues = element + 1;
        var->avalues = element + 1;
        var->values = calloc(element + 1, sizeof(char *));
        var->values[element] = strdup(value);
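        Because the attacker controls element and value, the attacker can overwrite the stack address of the calling function and execute arbitrary instructions. Successful exploitation yields the privileges of user 'lp' and group 'sys'.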
        

- CVSS (Base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.4_2
cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:easy_software_products:cups:1.1.4_3
cpe:/a:easy_software_products:cups:1.0.4
cpe:/a:easy_software_products:cups:1.1.4_5
cpe:/o:apple:mac_os_x:10.2 (Apple Mac OS X 10.2)
cpe:/a:easy_software_products:cups:1.1.10
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:easy_software_products:cups:1.1.14
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:easy_software_products:cups:1.1.1
cpe:/o:apple:mac_os_x:10.2.2 (Apple Mac OS X 10.2.2)
cpe:/a:easy_software_products:cups:1.0.4_8

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1383
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1383
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-075
(Official data source) CNNVD

- Other links and resources

ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt
(UNKNOWN)  CALDERA  CSSA-2003-004.0
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
(UNKNOWN)  VULNWATCH  20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://marc.info/?l=bugtraq&m=104032149026670&w=2
(UNKNOWN)  BUGTRAQ  20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
http://www.idefense.com/advisory/12.19.02.txt
(VENDOR_ADVISORY)  MISC  http://www.idefense.com/advisory/12.19.02.txt
http://www.novell.com/linux/security/advisories/2003_002_cups.html
(UNKNOWN)  SUSE  SuSE-SA:2003:002
http://www.redhat.com/support/errata/RHSA-2002-295.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:295

- Vulnerability information

CUPS HTTP Interface Integer Overflow Vulnerability
Critical  Boundary condition error
2002-12-26 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Announcements and patches

        Vendor patches:
        Apple
        -----
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
        Apple MacOS X 10.2.3 and MacOS X Server 10.2.3 are not affected by this vulnerability.
        Upgrades:
        Apple MacOS X 10.2 (Jaguar):
        Apple Upgrade MacOSXUpdateCombo10.2.3.dmg

        http://www.info.apple.com/kbnum/n120164

        Apple MacOS X 10.2.2:
        Apple Upgrade MacOSXUpdate10.2.3.dmg

        http://www.info.apple.com/kbnum/n120165

        Easy Software Products
        ----------------------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
        Easy Software Products Upgrade CUPS 1.1.18

        http://www.cups.org/software.html

- Vulnerability information

10745
CUPS HTTP Interface Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-12-19 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

CUPS lp Image Handler Integer Overflow Vulnerabilities
Boundary Condition Error 6434
No Yes
2002-12-19 12:00:00 2009-07-11 07:16:00
Discovered by zen-parse.

- Affected program versions

Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Easy Software Products CUPS 1.1.17
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Easy Software Products CUPS 1.1.16
+ Mandriva Linux Mandrake 9.0
Easy Software Products CUPS 1.1.15
+ Conectiva Linux Enterprise Edition 1.0
+ S.u.S.E. Linux 8.1
Easy Software Products CUPS 1.1.14
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.12
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Easy Software Products CUPS 1.1.10
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Easy Software Products CUPS 1.1.7
Easy Software Products CUPS 1.1.6
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Easy Software Products CUPS 1.1.4
+ Debian Linux 2.3
+ Mandriva Linux Mandrake 7.2
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2

- Unaffected program versions

Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Apple Mac OS X 10.2.3

- Vulnerability discussion

It has been reported that the image handling component of CUPS is vulnerable to integer overflow conditions. These flaws may be exploited by local attackers to execute instructions with elevated privileges. Attackers may gain user 'lp', group 'sys' privileges. Depending on system configuration, other privileges may be gained.

- Exploit

iDefense has developed a functional exploit, however it has not been released to the public.

- Solution

Conectiva has released advisory CLA-2003:702 to address this issue. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

It is recommended that all Gentoo Linux users who are running
net-print/cups-1.1.17_pre20021025 or earlier update their systems as
follows:

emerge rsync
emerge cups
emerge clean

Debian has released a security advisory (DSA 232-1) containing fixes. Users are advised to upgrade as soon as possible.

** Debian has released an updated advisory (DSA 232-2) containing links to corrected fixes containing the proper dependencies for libPNG.

This vulnerability is eliminated in CUPS 1.1.18. Red Hat is currently developing fixes. Apple MacOS X 10.2.3 and MacOS X Server 10.2.3 are not vulnerable.


