Details of VAR-200212-0653

ID

VAR-200212-0653

CVE

CVE-2002-1366

TITLE

CUPS Vulnerability that allows creation and overwriting of arbitrary files due to race conditions

Trust: 0.8

sources: JVNDB: JVNDB-2002-000330

DESCRIPTION

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Common Unix Printing System (CUPS) Some UNIX Included in the UNIX Can be used universally in the environment Internet Printing Protocol version 1.1 (IPP/1.1) Is a printing system that supports Red Hat Linux 7.3 as well as 8.0 It is also bundled with. this CUPS Has the following security issues: still, Red Hat Linux Then CUPS Is disabled in the default installation. 1. Overflow due to overflow of integer digits * [CAN-2002-1383] CUPS There are a few problems with overflowing integer digits. For example, HTTP By exploiting this issue through the interface, a remote attacker can CUPSd Execute permission ( A user lp) Can execute arbitrary code. 2. Resource race condition for temporary file generation processing (race condition) Problem * [CAN-2002-1366] CUPS Is /etc/cups/certs/ less than pid ( Generation time CUPS Process ID) Creates a temporary file with a file name of, so a local attacker can predict how the temporary file name is determined. Therefore, by creating a file with the same name as the temporary file that points to the intended file, root Any file can be overwritten or created with authority. In order to execute this attack, 1. In advance, lp User rights are required. 3. Printer addition mechanism / Problems with the access control function * [CAN-2002-1367] Malicious maliciously created remotely UDP Packet CUPS By sending to, you can bypass the authentication and add a printer. Furthermore, there is a problem that the access control mechanism of the printer addition mechanism neglects the validity check. The added printer information is root Since it is interpreted by the authority, any print can be added by using these problems together. As a result, local attackers root Elevation to privilege is possible. 4. Intentionally created HTTP By communication CUPSd That crashes [CAN-2002-1368] CUPS Then IPP To accept connections on the backend HTTP server (CUPSd) Is included. this HTTP Server HTTP The remote attacker is not able to verify the validity of the range of received values in the handling part of Contents-Length: The field was set to a negative value, or intentionally assembled and chunked HTTP By trying to communicate with the protocol, CUPS Can be put into a denial of service. To restore normal operation CUPSd Needs to be restarted. 5. strncat Problem of buffer overflow caused by function [CAN-2002-1369] CUPS Has a buffer overflow problem when receiving a printer job with a specific attribute value. By using this issue, a remote attacker can root It is possible to execute arbitrary code with authority. To take advantage of this issue, 3. Need to take advantage of the problem. 6.GIF Problems when handling file formats [CAN-2002-1371] CUPS In GIF Width in the part that handles format files (width) There is a problem with the process of validating the value of. For this reason, remote attackers are deliberately assembled (width) But '0' Is GIF Overwrite the allocated memory contents by interpreting the format file, CUPS An arbitrary code may be executed with the execution right. 7. File descriptor issues with sockets and files * [CAN-2002-1372] CUPS Has a problem that does not properly close file descriptors for sockets and files. For this reason, local attackers can use this issue to cause memory leaks, CUPS It is possible to put the entire system running in a service out of service state.Please refer to the “Overview” for the impact of this vulnerability. It has been reported that some versions of CUPS may create temporary files in an insecure manner. An attacker can exploit this vulnerability to create or overwrite any file with elevated privileges. Successful exploitation is time dependent and require the attacker to obtain the 'lp' user privileges. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. Can cause system denial of service or gain root user privileges

Trust: 1.98

sources: NVD: CVE-2002-1366 // JVNDB: JVNDB-2002-000330 // BID: 6435 // VULHUB: VHN-5751

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	easy products	model:	cups	scope:	eq	version:	1.1.13	Trust: 1.0
vendor:	easy products	model:	cups	scope:	eq	version:	1.1.6	Trust: 1.0
vendor:	easy products	model:	cups	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	easy products	model:	cups	scope:	eq	version:	1.1.10	Trust: 1.0
vendor:	easy products	model:	cups	scope:	eq	version:	1.1.14	Trust: 1.0
vendor:	easy products	model:	cups	scope:	eq	version:	1.1.17	Trust: 1.0
vendor:	easy products	model:	cups	scope:	eq	version:	1.1.7	Trust: 1.0
vendor:	easy products	model:	cups	scope:	eq	version:	1.0.4	Trust: 1.0
vendor:	easy products	model:	cups	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	red hat	model:	linux	scope:	eq	version:	7.3	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	8.0	Trust: 0.8
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.17	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.16	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.15	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.14	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.13	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.12	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.10	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.7	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.6	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	eq	version:	1.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	easy	model:	software products cups	scope:	ne	version:	1.1.18	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.2.3	Trust: 0.3

sources: BID: 6435 // JVNDB: JVNDB-2002-000330 // CNNVD: CNNVD-200212-068 // NVD: CVE-2002-1366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1366
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2002-1366
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200212-068
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5751
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1366
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-5751
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5751 // JVNDB: JVNDB-2002-000330 // CNNVD: CNNVD-200212-068 // NVD: CVE-2002-1366

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1366

THREAT TYPE

local

Trust: 0.9

sources: BID: 6435 // CNNVD: CNNVD-200212-068

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-200212-068

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000330

PATCH

title:	RHSA-2002:295	url:	https://rhn.redhat.com/errata/RHSA-2002-295.html	Trust: 0.8
title:	RHSA-2002:295	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-295J.html	Trust: 0.8

sources: JVNDB: JVNDB-2002-000330

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1366	Trust: 2.8
db:	BID	id:	6435	Trust: 2.8
db:	BID	id:	6437	Trust: 0.8
db:	BID	id:	6439	Trust: 0.8
db:	BID	id:	6434	Trust: 0.8
db:	BID	id:	6433	Trust: 0.8
db:	BID	id:	6440	Trust: 0.8
db:	BID	id:	6436	Trust: 0.8
db:	BID	id:	6438	Trust: 0.8
db:	JVNDB	id:	JVNDB-2002-000330	Trust: 0.8
db:	CNNVD	id:	CNNVD-200212-068	Trust: 0.7
db:	SUSE	id:	SUSE-SA:2003:002	Trust: 0.6
db:	MANDRAKE	id:	MDKSA-2003:001	Trust: 0.6
db:	VULNWATCH	id:	20021219 IDEFENSE SECURITY ADVISORY 12.19.02: MULTIPLE SECURITY VULNERABILITIES IN COMMON UNIX PRINTING SYSTEM (CUPS)	Trust: 0.6
db:	DEBIAN	id:	DSA-232	Trust: 0.6
db:	BUGTRAQ	id:	20021219 IDEFENSE SECURITY ADVISORY 12.19.02: MULTIPLE SECURITY VULNERABILITIES IN COMMON UNIX PRINTING SYSTEM (CUPS)	Trust: 0.6
db:	XF	id:	10907	Trust: 0.6
db:	REDHAT	id:	RHSA-2002:295	Trust: 0.6
db:	VULHUB	id:	VHN-5751	Trust: 0.1

sources: VULHUB: VHN-5751 // BID: 6435 // JVNDB: JVNDB-2002-000330 // CNNVD: CNNVD-200212-068 // NVD: CVE-2002-1366

REFERENCES

url:	http://www.securityfocus.com/bid/6435	Trust: 2.5
url:	http://www.debian.org/security/2003/dsa-232	Trust: 1.7
url:	http://www.mandrakesoft.com/security/advisories?name=mdksa-2003:001	Trust: 1.7
url:	http://www.idefense.com/advisory/12.19.02.txt	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2002-295.html	Trust: 1.7
url:	http://www.novell.com/linux/security/advisories/2003_002_cups.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=104032149026670&w=2	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10907	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1366	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1366	Trust: 0.8
url:	http://www.securityfocus.com/bid/6438	Trust: 0.8
url:	http://www.securityfocus.com/bid/6440	Trust: 0.8
url:	http://www.securityfocus.com/bid/6439	Trust: 0.8
url:	http://www.securityfocus.com/bid/6437	Trust: 0.8
url:	http://www.securityfocus.com/bid/6434	Trust: 0.8
url:	http://www.securityfocus.com/bid/6433	Trust: 0.8
url:	http://www.securityfocus.com/bid/6436	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/10907	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2	Trust: 0.6
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	/archive/1/304031	Trust: 0.3

sources: VULHUB: VHN-5751 // BID: 6435 // JVNDB: JVNDB-2002-000330 // CNNVD: CNNVD-200212-068 // NVD: CVE-2002-1366

CREDITS

iDEFENSE Labs※ labs@idefense.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-068

SOURCES

db:	VULHUB	id:	VHN-5751
db:	BID	id:	6435
db:	JVNDB	id:	JVNDB-2002-000330
db:	CNNVD	id:	CNNVD-200212-068
db:	NVD	id:	CVE-2002-1366

LAST UPDATE DATE

2024-08-14T13:51:23.959000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5751	date:	2017-10-10T00:00:00
db:	BID	id:	6435	date:	2009-07-11T19:16:00
db:	JVNDB	id:	JVNDB-2002-000330	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200212-068	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1366	date:	2017-10-10T01:30:11.500

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5751	date:	2002-12-26T00:00:00
db:	BID	id:	6435	date:	2002-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2002-000330	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200212-068	date:	2002-12-26T00:00:00
db:	NVD	id:	CVE-2002-1366	date:	2002-12-26T05:00:00