Security: Denial of Service in cups
Name: Denial of Service in cups
ID: CSSA-2004-012.0
Distribution: SCO OpenLinux
Platforms: SCO OpenLinux 3.1.1 Server, SCO OpenLinux 3.1.1 Workstation
Date: Fri, 5 March 2004, 12:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0788
Applications: Common UNIX Printing System

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: cups denial of service vulnerability
Advisory number: CSSA-2004-012.0
Issue date: 2004 March 03
Cross reference: sr887386 fz528509 erg712497 CAN-2003-0788
______________________________________________________________________________
1. Problem Description
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service via certain inputs to the IPP port.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0788 to this issue.
2. Vulnerable Supported Versions
System                          Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server          prior to cups-1.1.20-1.i386.rpm
                                prior to cups-devel-1.1.20-1.i386.rpm
                                prior to cups-libs-1.1.20-1.i386.rpm

OpenLinux 3.1.1 Workstation     prior to cups-1.1.20-1.i386.rpm
                                prior to cups-devel-1.1.20-1.i386.rpm
                                prior to cups-libs-1.1.20-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. This patch obsoletes two cups rpm packages namely cups-client and cups-ppd. These packages need to be removed from the system.
To remove cups-client and cups-ppd from your system, as the root user issue the following commands:
    # rpm -e cups-client
    # rpm -e cups-ppd

Note: Warning messages about directories not removed are expected.

After the two obsoleted packages are removed, you can install the updated packages manually or use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment).
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-012.0/RPMS
4.2 Packages
    dd11d44b98062be3cf02023e647b5ec8 cups-1.1.20-1.i386.rpm
    94adce8cea263d4d5fa9ed24f9c269d4 cups-devel-1.1.20-1.i386.rpm
    5b9a9ebee31a22c9eea412f0453316c2 cups-libs-1.1.20-1.i386.rpm
4.3 Installation
    rpm -Fvh cups-1.1.20-1.i386.rpm
    rpm -Fvh cups-devel-1.1.20-1.i386.rpm
    rpm -Fvh cups-libs-1.1.20-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-012.0/SRPMS
4.5 Source Packages
93c8d369c251667a3c1cef458d855a9d cups-1.1.20-1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-012.0/RPMS
5.2 Packages
    88e5b7473c89a7508d59e03aa7cdb8cf cups-1.1.20-1.i386.rpm
    8884706cafa18004acf4f409acdd0b3a cups-devel-1.1.20-1.i386.rpm
    a588bcafea49cb3c816a0cbf39684250 cups-libs-1.1.20-1.i386.rpm
5.3 Installation
    rpm -Fvh cups-1.1.20-1.i386.rpm
    rpm -Fvh cups-devel-1.1.20-1.i386.rpm
    rpm -Fvh cups-libs-1.1.20-1.i386.rpm
5.4 Source Package Location
SRPMS
5.5 Source Packages
5ade3a153244bbbe26c802b4e8650520 cups-1.1.20-1.src.rpm
6. References
Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0788
SCO security resources: http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr887386 fz528509 erg712497.
7. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
8. Acknowledgements
SCO would like to thank Paul Mitcheson
______________________________________________________________________________
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
iD8DBQFARn12bluZssSXDTERAvL/AKDUAbqVdgNfVO5x7QzdSC0+1SLUbQCbB8Sc Ynt32rtj2Ms2GplGjA8Sykk= =zne0 -----END PGP SIGNATURE-----
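
A pre-install check for the OpenLinux 3.1.1 Server packages, added here as an example and not part of the SCO advisory: it compares each downloaded RPM against the MD5 sums listed in section 4.2 and runs the section 4.3 rpm -Fvh step only when all three match. The function names (server_manifest, verify_packages, install_verified) and the use of md5sum are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the SCO advisory.

# MD5 sums as listed in section 4.2 (OpenLinux 3.1.1 Server).
server_manifest() {
    cat <<'EOF'
dd11d44b98062be3cf02023e647b5ec8 cups-1.1.20-1.i386.rpm
94adce8cea263d4d5fa9ed24f9c269d4 cups-devel-1.1.20-1.i386.rpm
5b9a9ebee31a22c9eea412f0453316c2 cups-libs-1.1.20-1.i386.rpm
EOF
}

# verify_packages DIR   (manifest lines "<md5> <file>" on stdin)
# Returns 0 only if every listed file exists in DIR and matches its sum.
verify_packages() {
    pkgdir=$1 rc=0 seen=0
    while read -r want name rest || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac        # blank line or comment
        seen=$((seen + 1))
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')   # accept upper-case hex
        case $name in                                  # bare file names only
            ''|*/*) echo "BAD-ENTRY $want $name"; rc=1; continue ;;
        esac
        if [ ! -f "$pkgdir/$name" ]; then
            echo "MISSING   $name"; rc=1; continue
        fi
        got=$(md5sum < "$pkgdir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $want, got $got)"; rc=1
        fi
    done
    [ "$seen" -gt 0 ] || rc=1    # an empty manifest verifies nothing
    return "$rc"
}

# install_verified DIR: freshen the packages only after every sum matched.
install_verified() {
    if ! server_manifest | verify_packages "$1"; then
        echo "checksum verification failed; not installing" >&2
        return 1
    fi
    ( cd "$1" && rpm -Fvh cups-1.1.20-1.i386.rpm \
        cups-devel-1.1.20-1.i386.rpm cups-libs-1.1.20-1.i386.rpm )
}
```

For the Workstation packages, feed the section 5.2 sums to verify_packages instead; the two package sets have different checksums.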