Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Mike O'Leary on December 20, 2002, 11:33:44 AM
-
Does e-smith use the CUPS "Common Unix Printing System (CUPS)"?
If so, do the latest problems affect us in any way, and if so, will there be an update issued? See http://www.idefense.com/advisory/12.19.02.txt for more information.
Thanks
Mike
II. DESCRIPTION
Exploitation of multiple CUPS vulnerabilities allows local and remote
attackers in the worst of the scenarios to gain root privileges. The
following test platforms were used for various parts of this advisory:
[1] - Red Hat Linux 7.0 running CUPS-1.1.14-5 (RPM)
[2] - Red Hat Linux 7.3 running CUPS-1.1.14-15 (RPM)
[3] - Red Hat Linux 7.3 running CUPS-1.1.17 (Source Install)
VII. CVE INFORMATION
The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project has
assigned the following identification numbers to these issues:
CAN-2002-1383: ISSUE 1 - Multiple Integer Overflows
CAN-2002-1366: ISSUE 2 - /etc/cups/certs/ Race Condition
CAN-2002-1367: ISSUE 3 - Adding Printers with UDP Packets/Root Certificate Design Flaw
CAN-2002-1368: ISSUE 4 - Negative Length Memcpy() Calls
CAN-2002-1369: ISSUE 5 - Unsafe Strncat Function Call in jobs.c
CAN-2002-1371: ISSUE 6 - Zero Width Images in filters/image-gif.c
CAN-2002-1372: ISSUE 7 - File Descriptor Resource Leaks