Login
Newsletter
Werbung
Sicherheit: Umgehung von Rechteprüfungen in CUPS
Aktuelle Meldungen Distributionen
Name: Umgehung von Rechteprüfungen in CUPS
ID: USN-185-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10
Datum: Di, 20. September 2005, 10:07
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2154
Applikationen: Common UNIX Printing System

Originalnachricht

 

--===============0844485606==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="84ND8YJRMFlzkrP4"
Content-Disposition: inline


--84ND8YJRMFlzkrP4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-185-1	 September 20, 2005
cupsys vulnerability
CAN-2004-2154
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cupsys

The problem can be corrected by upgrading the affected package to
version 1.1.20final+cvs20040330-4ubuntu16.5.  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was detected in the printer access control list checking in the
CUPS server. Printer names were compared in a case sensitive manner;
by modifying the capitalization of printer names, a remote attacker
could circumvent ACLs and print to printers he should not have access
to.

The Ubuntu 5.04 version of cupsys is not vulnerable against this.

  Source archives:

    cupsys_1.1.20final+cvs20040330-4ubuntu16.5.diff.gz
      Size/MD5:  1353545 138b931a4e026cacf0870ca3eba49506
    cupsys_1.1.20final+cvs20040330-4ubuntu16.5.dsc
      Size/MD5:      867 0475f922a395811f2d1b4a39fd02c240
    cupsys_1.1.20final+cvs20040330.orig.tar.gz
      Size/MD5:  5645146 5eb5983a71b26e4af841c26703fc2f79

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.5_amd64.deb
      Size/MD5:    59052 6d80f59e40a3cdccf88a64e6eb8e8818
    cupsys-client_1.1.20final+cvs20040330-4ubuntu16.5_amd64.deb
      Size/MD5:   107326 6ad4b6a8b600d874b5de169588db23f7
    cupsys_1.1.20final+cvs20040330-4ubuntu16.5_amd64.deb
      Size/MD5:  3614844 22bb4ae245e3983b54ffac479f9d11bd
    libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.5_amd64.deb
      Size/MD5:    62684 4a99fce77c094c644bb65701f544769b
    libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.5_amd64.deb
      Size/MD5:    53318 533e04c42b9cbb152d85760e09444b68
    libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.5_amd64.deb
      Size/MD5:   101814 ff09bf2b58473a1632115f4e2cf465bc
    libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.5_amd64.deb
      Size/MD5:    74864 c919425bc8e6262d6f82cb1576b651bf

  i386 architecture (x86 compatible Intel/AMD)

    cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.5_i386.deb
      Size/MD5:    58384 44200b1d889546564eb7b5e082dbf43b
    cupsys-client_1.1.20final+cvs20040330-4ubuntu16.5_i386.deb
      Size/MD5:   105106 682977ac2a18684f47021a0ca22ed4a1
    cupsys_1.1.20final+cvs20040330-4ubuntu16.5_i386.deb
      Size/MD5:  3603588 23983f6264ec0a023d238c08cccbecb5
    libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.5_i386.deb
      Size/MD5:    62242 727919da03f41881e1f83e4b82f9cc8c
    libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.5_i386.deb
      Size/MD5:    52900 259c429f529ebf82c822becdba40d22d
    libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.5_i386.deb
      Size/MD5:    98450 2748c1390c494e4794ff496258a7f64c
    libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.5_i386.deb
      Size/MD5:    72136 ea28e5097435eb43329420d3759af775

  powerpc architecture (Apple Macintosh G3/G4/G5)

    cupsys-bsd_1.1.20final+cvs20040330-4ubuntu16.5_powerpc.deb
      Size/MD5:    62964 4bba89312187f8a912b9bb8b8ffdb47a
    cupsys-client_1.1.20final+cvs20040330-4ubuntu16.5_powerpc.deb
      Size/MD5:   114960 f47efaa57093742589f0321fb3e81b76
    cupsys_1.1.20final+cvs20040330-4ubuntu16.5_powerpc.deb
      Size/MD5:  3633910 892c743ca13998b6e99b4703540349bd
    libcupsimage2-dev_1.1.20final+cvs20040330-4ubuntu16.5_powerpc.deb
      Size/MD5:    61880 0a074b2e55c2da22209dd4794c8d17ea
    libcupsimage2_1.1.20final+cvs20040330-4ubuntu16.5_powerpc.deb
      Size/MD5:    55542 24d91159956370299a682efa35d06c60
    libcupsys2-dev_1.1.20final+cvs20040330-4ubuntu16.5_powerpc.deb
      Size/MD5:   101194 cad8689725abb30ef8ec4a1e26ad1c80
    libcupsys2-gnutls10_1.1.20final+cvs20040330-4ubuntu16.5_powerpc.deb
      Size/MD5:    74976 9d36e438b667c49ebf99153a77464d37

--84ND8YJRMFlzkrP4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDL8JHDecnbV4Fd/IRAsV7AJ9x4folYYddG0bPKYoBqls0TjU+SgCgrrcK
1mtASD23SPUctnyUyp2fdn0=
=z/Gy
-----END PGP SIGNATURE-----

--84ND8YJRMFlzkrP4--


--===============0844485606==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0844485606==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung