Vulnerabilities > CVE-2002-1367

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2003_002.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2003:002 (cups). CUPS is a well known and widely used printing system for unix-like systems. iDFENSE reported several security issues with CUPS that can lead to local and remote root compromise. The following list includes all vulnerabilities: - integer overflow in HTTP interface to gain remote access with CUPS privileges - local file race condition to gain root (bug mentioned above has to be exploited first) - remotely add printers - remote denial-of-service attack due to negative length in memcpy() call - integer overflow in image handling code to gain higher privileges - gain local root due to buffer overflow of
    last seen2020-06-01
    modified2020-06-02
    plugin id13780
    published2004-07-25
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13780
    titleSUSE-SA:2003:002: cups
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:002
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(13780);
     script_bugtraq_id(6475);
     script_version ("1.15");
     script_cve_id("CVE-2002-1366", "CVE-2002-1367", "CVE-2002-1368", "CVE-2002-1369", "CVE-2002-1371", "CVE-2002-1372", "CVE-2002-1383", "CVE-2002-1384");
     
     name["english"] = "SUSE-SA:2003:002: cups";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2003:002 (cups).
    
    
    CUPS is a well known and widely used printing system for unix-like
    systems. iDFENSE reported several security issues with CUPS that can
    lead to local and remote root compromise. The following list
    includes all vulnerabilities:
    - integer overflow in HTTP interface to gain remote
    access with CUPS privileges
    - local file race condition to gain root (bug mentioned
    above has to be exploited first)
    - remotely add printers
    - remote denial-of-service attack due to negative length in
    memcpy() call
    - integer overflow in image handling code to gain higher privileges
    - gain local root due to buffer overflow of 'options' buffer
    - design problem to gain local root (needs added printer, see above)
    - wrong handling of zero width images can be abused to gain higher
    privileges
    - file descriptor leak and denial-of-service due to missing checks
    of return values of file/socket operations
    
    Since SUSE 8.1 CUPS is the default printing system.
    
    As a temporary workaround CUPS can be disabled and an alternative
    printing system like LPRng can be installed instead.
    
    New CUPS packages are available on our FTP servers. Please, install
    them to fix your system.
    
    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command 'rpm -Fhv file.rpm' to apply
    the update." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2003_002_cups.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
     script_cvs_date("Date: 2019/10/25 13:36:27");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the cups package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"cups-1.1.6-121", release:"SUSE7.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-1.1.6-122", release:"SUSE7.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-1.1.10-94", release:"SUSE7.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-libs-1.1.10-94", release:"SUSE7.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-client-1.1.10-94", release:"SUSE7.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-1.1.12-90", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-libs-1.1.12-90", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-client-1.1.12-90", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-1.1.15-69", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-libs-1.1.15-69", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cups-client-1.1.15-69", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if (rpm_exists(rpm:"cups-", release:"SUSE7.1")
     || rpm_exists(rpm:"cups-", release:"SUSE7.2")
     || rpm_exists(rpm:"cups-", release:"SUSE7.3")
     || rpm_exists(rpm:"cups-", release:"SUSE8.0")
     || rpm_exists(rpm:"cups-", release:"SUSE8.1") )
    {
     set_kb_item(name:"CVE-2002-1366", value:TRUE);
     set_kb_item(name:"CVE-2002-1367", value:TRUE);
     set_kb_item(name:"CVE-2002-1368", value:TRUE);
     set_kb_item(name:"CVE-2002-1369", value:TRUE);
     set_kb_item(name:"CVE-2002-1371", value:TRUE);
     set_kb_item(name:"CVE-2002-1372", value:TRUE);
     set_kb_item(name:"CVE-2002-1383", value:TRUE);
     set_kb_item(name:"CVE-2002-1384", value:TRUE);
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-232.NASL
    descriptionMultiple vulnerabilities were discovered in the Common Unix Printing System (CUPS). Several of these issues represent the potential for a remote compromise or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2002-1383: Multiple integer overflows allow a remote attacker to execute arbitrary code via the CUPSd HTTP interface and the image handling code in CUPS filters. - CAN-2002-1366: Race conditions in connection with /etc/cups/certs/ allow local users with lp privileges to create or overwrite arbitrary files. This is not present in the potato version. - CAN-2002-1367: This vulnerability allows a remote attacker to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a
    last seen2020-06-01
    modified2020-06-02
    plugin id15069
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15069
    titleDebian DSA-232-1 : cupsys - several vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-001.NASL
    descriptioniDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the
    last seen2020-06-01
    modified2020-06-02
    plugin id13986
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13986
    titleMandrake Linux Security Advisory : cups (MDKSA-2003:001)
  • NASL familyMisc.
    NASL idCUPS_VULNS.NASL
    descriptionThe remote CUPS server seems vulnerable to various flaws (buffer overflow, denial of service, privilege escalation) that could allow a remote attacker to shut down this service or remotely gain the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id11199
    published2003-01-18
    reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11199
    titleCUPS < 1.1.18 Multiple Vulnerabilities

Redhat

advisories
rhsa
idRHSA-2002:295