The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of CUPS: several vulnerabilities

Synthesis of the vulnerability 

Several vulnerabilities of CUPS can be used by an attacker to create a denial of service, to obtain information, or to execute code.
Vulnerable systems: CUPS, Debian, Fedora, Mandriva Linux, OpenSolaris, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity of this threat: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 18/06/2010.
Revision date: 25/06/2010.
References of this weakness: BID-40943, BID-41126, BID-41131, CERTA-2010-AVI-265, CERTA-2010-AVI-275, CVE-2010-0302, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432, DSA-2176-1, FEDORA-2010-10066, FEDORA-2010-10101, FEDORA-2010-10388, MDVSA-2010:232, MDVSA-2010:233, MDVSA-2010:234, MDVSA-2011:146, openSUSE-SU-2010:1018-1, openSUSE-SU-2010:1053-1, RHSA-2010:0490-01, RHSA-2010:0811-01, SSA:2010-176-05, STR #3480, STR #3490, STR #3510, STR #3516, STR #3518, STR #3577, SUSE-SR:2010:023, SUSE-SU-2011:1136-1, SUSE-SU-2011:1136-2, SUSE-SU-2011:1141-1, SUSE-SU-2011:1149-1, VIGILANCE-VUL-9716.

Description of the vulnerability 

The CUPS (Common UNIX Printing System) suite provides printer management for Unix. It is affected by several vulnerabilities.

An attacker can print a malicious text document, in order to generate an allocation error in the _WriteProlog() function of texttops, leading to a denial of service or to code execution. [severity:3/4; BID-40943, CVE-2010-0542, STR #3516]

A remote attacker can ask for current print jobs in order to generate a denial of service of the CUPS daemon. [severity:2/4; CVE-2010-0302, STR #3490]

The cgi_initialize_string() function of the cgi-bin/var.c file does not correctly initialize the memory. An attacker can use a "/admin" URL, in order to obtain a fragment of the memory. [severity:2/4; CVE-2010-1748, STR #3577]

An attacker can use an external vulnerability to replace /var/cache/cups/remote.cache by a symbolic link, in order to force CUPS to overwrite the pointed file with root privileges. [severity:1/4; BID-41131, CVE-2010-2431, STR #3510]

An attacker can perform a Cross-Site Request Forgery against the administration interface. [severity:3/4; CERTA-2010-AVI-265, CERTA-2010-AVI-275, CVE-2010-0540, STR #3480]

When CUPS is compiled with HAVE_GSSAPI, an attacker can generate an infinite loop in the cupsDoAuthentication() function. [severity:1/4; BID-41126, CVE-2010-2432, STR #3518]

These vulnerabilities can be used by an attacker to create a denial of service, to obtain information, or to execute code.

This security bulletin impacts software or systems such as CUPS, Debian, Fedora, Mandriva Linux, OpenSolaris, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity announcement is important.

The trust level is "confirmed by the editor", and the origin is "intranet client".

This bulletin is about 6 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit the vulnerabilities in this alert.

Solutions for this threat 

CUPS: version 1.4.4.
Version 1.4.4 is corrected:
  http://cups.org/

Debian: new cups packages.
New packages are available:
  cups 1.3.8-1+lenny9

Fedora: new cups packages.
New packages are available:
  cups-1.4.4-4.fc11
  cups-1.4.4-5.fc12
  cups-1.4.4-5.fc13

Mandriva 2009, 2010, mes5: new cups packages.
New packages are available:
  cups-1.3.10-0.5mdv2009.0
  cups-1.4.3-3.2mdv2010.2
  cups-1.3.10-0.5mdvmes5.2

Mandriva: new cups packages.
New packages are available:
  Mandriva Linux 2009.0: cups-1.3.10-0.4mdv2009.0
  Mandriva Linux 2010.0: cups-1.4.1-12.2mdv2010.0
  Mandriva Linux 2010.1: cups-1.4.3-3.1mdv2010.1
  Corporate 4.0: cups-1.3.10-0.2.20060mlcs4
  Mandriva Enterprise Server 5: cups-1.3.10-0.4mdvmes5.1

openSUSE: new cups packages.
New packages are available:
  openSUSE 11.1 : cups-1.3.9-7.10.1
  openSUSE 11.2 : cups-1.3.11-4.7.1
  openSUSE 11.3 : cups-1.4.4-3.3.1

RHEL 3, 4, 5: new cups packages.
New packages are available:
Red Hat Enterprise Linux version 3:
  cups-1.1.17-13.3.65
Red Hat Enterprise Linux version 4:
  cups-1.1.22-0.rc1.9.32.el4_8.6
Red Hat Enterprise Linux version 5:
  cups-1.3.7-18.el5_5.4

RHEL 5: new cups packages.
New packages are available:
  cups-1.3.7-18.el5_5.8

Slackware: new cups packages.
New packages are available:
  ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/cups-1.4.4-i486-1_slack13.1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/cups-1.4.4-x86_64-1_slack13.1.txz

Solaris: patch for CUPS.
Four patches are available:
Solaris 11 Express snv_151a
  6958372
  6958373
  6994958
  7004783

SUSE LE: new cups packages.
New packages are available, as indicated in information sources.

SUSE: new packages (08/12/2010).
New packages are available, as indicated in information sources.
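A host audit for two items of this bulletin, as an added example that is not part of the original bulletin: it compares an upstream CUPS version against the corrected 1.4.4 release and checks whether /var/cache/cups/remote.cache has been replaced by a symbolic link (CVE-2010-2431). The function names are hypothetical, `sort -V` (GNU coreutils) is assumed, and the version test applies only to upstream builds, since distribution packages carry backported fixes and must be compared with the package versions listed above.

```shell
#!/bin/sh
# Added example: defensive audit for the CUPS bulletin (not vendor code).
FIXED_UPSTREAM="1.4.4"                 # corrected upstream release per the bulletin
CACHE_FILE="/var/cache/cups/remote.cache"

# version_lt A B: succeeds when dotted version A sorts strictly before B.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# cups_upstream_status VERSION: prints "vulnerable" or "fixed".
cups_upstream_status() {
    if version_lt "$1" "$FIXED_UPSTREAM"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# remote_cache_status PATH: prints symlink, missing, not-regular or ok.
# The symlink test comes first so a dangling link is still reported.
remote_cache_status() {
    if [ -L "$1" ]; then
        echo symlink
    elif [ ! -e "$1" ]; then
        echo missing
    elif [ ! -f "$1" ]; then
        echo not-regular
    else
        echo ok
    fi
}

# audit_host: report both checks for the local machine.
audit_host() {
    if command -v cups-config >/dev/null 2>&1; then
        v=$(cups-config --version)
        echo "cups $v (upstream comparison): $(cups_upstream_status "$v")"
    else
        echo "cups-config not found: compare the installed package with the bulletin's list"
    fi
    echo "$CACHE_FILE: $(remote_cache_status "$CACHE_FILE")"
}
```

Run `audit_host` after sourcing the file; a `symlink` result for remote.cache on a host where cupsd runs as root should be investigated before the daemon is restarted.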