CVE-2004-2154
CVSS 7.5
Published: 2004-12-31 00:00:00
Revised: 2010-08-21 00:23:48

[Original] CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.


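[CNNVD] Easy Software Products CUPS Access Control List Bypass Vulnerability (CNNVD-200412-588)

CUPS versions before 1.1.21rc1 treat the Location directive in cupsd.conf as case sensitive. An attacker can bypass the intended ACLs by using a printer name whose uppercase or lowercase letters differ from those specified in the directive.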

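- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]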

- CPE (affected platforms and products)

cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:easy_software_products:cups:1.0.4_8
cpe:/a:easy_software_products:cups:1.1.12
cpe:/a:easy_software_products:cups:1.1.4_5
cpe:/a:easy_software_products:cups:1.1.19_rc5
cpe:/a:easy_software_products:cups:1.1.14
cpe:/a:easy_software_products:cups:1.1.18
cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:easy_software_products:cups:1.1.4_3
cpe:/a:easy_software_products:cups:1.1.20
cpe:/a:easy_software_products:cups:1.1.4_2
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:easy_software_products:cups:1.1.15
cpe:/a:easy_software_products:cups:1.1.16
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:easy_software_products:cups:1.1.10
cpe:/a:easy_software_products:cups:1.1.1
cpe:/a:easy_software_products:cups:1.1.19
cpe:/a:easy_software_products:cups:1.0.4

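- OVAL (technical details for detection)

oval:org.mitre.oval:def:9940: CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a prin...
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definition.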

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2154
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2154
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-588
(Official data source) CNNVD

- Other links and resources

http://www.cups.org/str.php?L700
(PATCH)  CONFIRM  http://www.cups.org/str.php?L700
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405
(VENDOR_ADVISORY)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274
(UNKNOWN)  FEDORA  FLSA:163274
http://www.ubuntu.com/usn/usn-185-1
(UNKNOWN)  UBUNTU  USN-185-1
http://www.redhat.com/support/errata/RHSA-2005-571.html
(UNKNOWN)  REDHAT  RHSA-2005:571
http://www.novell.com/linux/security/advisories/2005_18_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:018

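- Vulnerability information

Easy Software Products CUPS Access Control List Bypass Vulnerability
High risk  Access validation error
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
CUPS versions before 1.1.21rc1 treat the Location directive in cupsd.conf as case sensitive. An attacker can bypass the intended ACLs by using a printer name whose uppercase or lowercase letters differ from those specified in the directive.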

- Advisories and patches

The vendor has released a fixed version of the affected software to address this issue.
Please see the referenced advisories for more information.

Easy Software Products CUPS 1.0.4 -8
Easy Software Products CUPS 1.0.4
Easy Software Products CUPS 1.1.1
Easy Software Products CUPS 1.1.10
Easy Software Products CUPS 1.1.12
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.14
Easy Software Products CUPS 1.1.15
Easy Software Products CUPS 1.1.16
Easy Software Products CUPS 1.1.17
Easy Software Products CUPS 1.1.18
Easy Software Products CUPS 1.1.19

- Vulnerability information (F40195)

Ubuntu Security Notice 185-1 (PacketStormID:F40195)
2005-09-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote
linux,ubuntu
CVE-2004-2154

Ubuntu Security Notice USN-185-1 - A flaw was detected in the printer access control list checking in the CUPS server. Printer names were compared in a case sensitive manner; by modifying the capitalization of printer names, a remote attacker could circumvent ACLs and print to printers he should not have access to.

===========================================================
Ubuntu Security Notice USN-185-1	 September 20, 2005
cupsys vulnerability
CAN-2004-2154
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cupsys

The problem can be corrected by upgrading the affected package to
version 1.1.20final+cvs20040330-4ubuntu16.5.  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was detected in the printer access control list checking in the
CUPS server. Printer names were compared in a case sensitive manner;
by modifying the capitalization of printer names, a remote attacker
could circumvent ACLs and print to printers he should not have access
to.

The Ubuntu 5.04 version of cupsys is not vulnerable against this.


- Vulnerability information

17912
CUPS Case Mismatch Printer Queue Password Bypass
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-05-13 Unknown
2004-05-13 Unknown

- Solution

Upgrade to version 1.1.21rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Easy Software Products CUPS Access Control List Bypass Vulnerability
Access Validation Error 14265
Yes No
2005-07-14 12:00:00 2006-05-26 04:58:00
This issue was reported to the vendor by adji.df.uba.

- Affected program versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core2
Red Hat Fedora Core1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Easy Software Products CUPS 1.1.20
+ ALT Linux ALT Linux Compact 2.3
+ ALT Linux ALT Linux Junior 2.3
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ MandrakeSoft apcupsd 2006.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Easy Software Products CUPS 1.1.19 rc5
Easy Software Products CUPS 1.1.19
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Easy Software Products CUPS 1.1.17
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Easy Software Products CUPS 1.1.16
+ Mandriva Linux Mandrake 9.0
Easy Software Products CUPS 1.1.15
+ Conectiva Linux Enterprise Edition 1.0
+ S.u.S.E. Linux 8.1
Easy Software Products CUPS 1.1.14
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.12
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Easy Software Products CUPS 1.1.10
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Easy Software Products CUPS 1.1.7
Easy Software Products CUPS 1.1.6
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Easy Software Products CUPS 1.1.4 -5
Easy Software Products CUPS 1.1.4 -3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.4 -2
+ Debian Linux 2.3
Easy Software Products CUPS 1.1.4
+ Debian Linux 2.3
+ Mandriva Linux Mandrake 7.2
Easy Software Products CUPS 1.1.1
+ RedHat PowerTools 7.0
Easy Software Products CUPS 1.0.4 -8
+ Debian Linux 2.2
Easy Software Products CUPS 1.0.4
+ Debian Linux 2.2
Conectiva Linux 10.0
Easy Software Products CUPS 1.1.21
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1

- Unaffected program versions

Easy Software Products CUPS 1.1.21
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1

- Vulnerability discussion

CUPS is prone to a vulnerability that lets attackers bypass ACLs (Access Control Lists). This issue is due to the application's failure to properly apply ACLs to incoming print jobs.

This vulnerability allows attackers to bypass configured ACLs and to print jobs on printers, skipping any configured authentication checks or IP restrictions.

- Exploit

An exploit is not required.

- Solution

The vendor has released a fixed version of the affected software to address this issue.

Please see the referenced advisories for more information.

Easy Software Products CUPS 1.0.4 -8
Easy Software Products CUPS 1.0.4
Easy Software Products CUPS 1.1.1
Easy Software Products CUPS 1.1.10
Easy Software Products CUPS 1.1.12
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.14
Easy Software Products CUPS 1.1.15
Easy Software Products CUPS 1.1.16
Easy Software Products CUPS 1.1.17
Easy Software Products CUPS 1.1.18
Easy Software Products CUPS 1.1.19
Easy Software Products CUPS 1.1.19 rc5
Easy Software Products CUPS 1.1.20
Easy Software Products CUPS 1.1.4 -5
Easy Software Products CUPS 1.1.4 -2
Easy Software Products CUPS 1.1.4 -3
Easy Software Products CUPS 1.1.4
Easy Software Products CUPS 1.1.6
Easy Software Products CUPS 1.1.7
Conectiva Linux 10.0
