CVE-2002-1369 - Buffer Overflow vulnerability in CUPS strncat() Function Call
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_SA_2003_002.NASL
description: The remote host is missing the patch for the advisory SUSE-SA:2003:002 (cups). CUPS is a well known and widely used printing system for unix-like systems. iDFENSE reported several security issues with CUPS that can lead to local and remote root compromise. The following list includes all vulnerabilities:
- integer overflow in HTTP interface to gain remote access with CUPS privileges
- local file race condition to gain root (bug mentioned above has to be exploited first)
- remotely add printers
- remote denial-of-service attack due to negative length in memcpy() call
- integer overflow in image handling code to gain higher privileges
- gain local root due to buffer overflow of
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 13780
published: 2004-07-25
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/13780
title: SUSE-SA:2003:002: cups
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:002
    #

    if ( ! defined_func("bn_random") ) exit(0);

    include("compat.inc");

    if(description)
    {
     script_id(13780);
     script_bugtraq_id(6475);
     script_version ("1.15");
     script_cve_id("CVE-2002-1366", "CVE-2002-1367", "CVE-2002-1368", "CVE-2002-1369", "CVE-2002-1371", "CVE-2002-1372", "CVE-2002-1383", "CVE-2002-1384");

     name["english"] = "SUSE-SA:2003:002: cups";
     script_name(english:name["english"]);

     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2003:002 (cups).

    CUPS is a well known and widely used printing system for unix-like
    systems. iDFENSE reported several security issues with CUPS that can
    lead to local and remote root compromise. The following list
    includes all vulnerabilities:
    - integer overflow in HTTP interface to gain remote
    access with CUPS privileges
    - local file race condition to gain root (bug mentioned
    above has to be exploited first)
    - remotely add printers
    - remote denial-of-service attack due to negative length in
    memcpy() call
    - integer overflow in image handling code to gain higher privileges
    - gain local root due to buffer overflow of 'options' buffer
    - design problem to gain local root (needs added printer, see above)
    - wrong handling of zero width images can be abused to gain higher
    privileges
    - file descriptor leak and denial-of-service due to missing checks
    of return values of file/socket operations

    Since SUSE 8.1 CUPS is the default printing system.

    As a temporary workaround CUPS can be disabled and an alternative
    printing system like LPRng can be installed instead.

    New CUPS packages are available on our FTP servers. Please, install
    them to fix your system.

    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command 'rpm -Fhv file.rpm' to apply
    the update." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2003_002_cups.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");

     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
     script_cvs_date("Date: 2019/10/25 13:36:27");
     script_end_attributes();

     summary["english"] = "Check for the version of the cups package";
     script_summary(english:summary["english"]);

     script_category(ACT_GATHER_INFO);

     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);

     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }

    include("rpm.inc");

    if ( rpm_check( reference:"cups-1.1.6-121", release:"SUSE7.1") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-1.1.6-122", release:"SUSE7.2") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-1.1.10-94", release:"SUSE7.3") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-libs-1.1.10-94", release:"SUSE7.3") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-client-1.1.10-94", release:"SUSE7.3") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-1.1.12-90", release:"SUSE8.0") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-libs-1.1.12-90", release:"SUSE8.0") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-client-1.1.12-90", release:"SUSE8.0") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-1.1.15-69", release:"SUSE8.1") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-libs-1.1.15-69", release:"SUSE8.1") ) { security_hole(0); exit(0); }
    if ( rpm_check( reference:"cups-client-1.1.15-69", release:"SUSE8.1") ) { security_hole(0); exit(0); }

    if (rpm_exists(rpm:"cups-", release:"SUSE7.1")
     || rpm_exists(rpm:"cups-", release:"SUSE7.2")
     || rpm_exists(rpm:"cups-", release:"SUSE7.3")
     || rpm_exists(rpm:"cups-", release:"SUSE8.0")
     || rpm_exists(rpm:"cups-", release:"SUSE8.1") )
    {
     set_kb_item(name:"CVE-2002-1366", value:TRUE);
     set_kb_item(name:"CVE-2002-1367", value:TRUE);
     set_kb_item(name:"CVE-2002-1368", value:TRUE);
     set_kb_item(name:"CVE-2002-1369", value:TRUE);
     set_kb_item(name:"CVE-2002-1371", value:TRUE);
     set_kb_item(name:"CVE-2002-1372", value:TRUE);
     set_kb_item(name:"CVE-2002-1383", value:TRUE);
     set_kb_item(name:"CVE-2002-1384", value:TRUE);
    }

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-232.NASL
description: Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS). Several of these issues represent the potential for a remote compromise or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:
- CAN-2002-1383: Multiple integer overflows allow a remote attacker to execute arbitrary code via the CUPSd HTTP interface and the image handling code in CUPS filters.
- CAN-2002-1366: Race conditions in connection with /etc/cups/certs/ allow local users with lp privileges to create or overwrite arbitrary files. This is not present in the potato version.
- CAN-2002-1367: This vulnerability allows a remote attacker to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15069
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15069
title: Debian DSA-232-1 : cupsys - several vulnerabilities

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2003-001.NASL
description: iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 13986
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/13986
title: Mandrake Linux Security Advisory : cups (MDKSA-2003:001)

NASL family: Misc.
NASL id: CUPS_VULNS.NASL
description: The remote CUPS server seems vulnerable to various flaws (buffer overflow, denial of service, privilege escalation) that could allow a remote attacker to shut down this service or remotely gain the privileges of the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11199
published: 2003-01-18
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11199
title: CUPS < 1.1.18 Multiple Vulnerabilities
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
- http://marc.info/?l=bugtraq&m=104032149026670&w=2
- http://www.debian.org/security/2003/dsa-232
- http://www.idefense.com/advisory/12.19.02.txt
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
- http://www.novell.com/linux/security/advisories/2003_002_cups.html
- http://www.redhat.com/support/errata/RHSA-2002-295.html
- http://www.securityfocus.com/bid/6438
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10910