ID

VAR-200212-0657


CVE

CVE-2002-1371


TITLE

CUPS of filters/image-gif.c Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2002-000334

DESCRIPTION

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Common Unix Printing System (CUPS) Some UNIX Included in the UNIX Can be used universally in the environment Internet Printing Protocol version 1.1 (IPP/1.1) Is a printing system that supports Red Hat Linux 7.3 as well as 8.0 It is also bundled with. this CUPS Has the following security issues: still, Red Hat Linux Then CUPS Is disabled in the default installation. 1. Overflow due to overflow of integer digits * [CAN-2002-1383] CUPS There are a few problems with overflowing integer digits. For example, HTTP By exploiting this issue through the interface, a remote attacker can CUPSd Execute permission ( A user lp) Can execute arbitrary code. 2. Resource race condition for temporary file generation processing (race condition) Problem * [CAN-2002-1366] CUPS Is /etc/cups/certs/ less than pid ( Generation time CUPS Process ID) Creates a temporary file with a file name of, so a local attacker can predict how the temporary file name is determined. Therefore, by creating a file with the same name as the temporary file that points to the intended file, root Any file can be overwritten or created with authority. In order to execute this attack, 1. In advance, lp User rights are required. 3. Printer addition mechanism / Problems with the access control function * [CAN-2002-1367] Malicious maliciously created remotely UDP Packet CUPS By sending to, you can bypass the authentication and add a printer. Furthermore, there is a problem that the access control mechanism of the printer addition mechanism neglects the validity check. The added printer information is root Since it is interpreted by the authority, any print can be added by using these problems together. As a result, local attackers root Elevation to privilege is possible. 4. Intentionally created HTTP By communication CUPSd That crashes [CAN-2002-1368] CUPS Then IPP To accept connections on the backend HTTP server (CUPSd) Is included. this HTTP Server HTTP The remote attacker is not able to verify the validity of the range of received values in the handling part of Contents-Length: The field was set to a negative value, or intentionally assembled and chunked HTTP By trying to communicate with the protocol, CUPS Can be put into a denial of service. To restore normal operation CUPSd Needs to be restarted. 5. strncat Problem of buffer overflow caused by function [CAN-2002-1369] CUPS Has a buffer overflow problem when receiving a printer job with a specific attribute value. By using this issue, a remote attacker can root It is possible to execute arbitrary code with authority. To take advantage of this issue, 3. Need to take advantage of the problem. 6.GIF Problems when handling file formats [CAN-2002-1371] CUPS In GIF Width in the part that handles format files (width) There is a problem with the process of validating the value of. 7. File descriptor issues with sockets and files * [CAN-2002-1372] CUPS Has a problem that does not properly close file descriptors for sockets and files. For this reason, local attackers can use this issue to cause memory leaks, CUPS It is possible to put the entire system running in a service out of service state.Please refer to the “Overview” for the impact of this vulnerability. As a result, if an attacker submits a properly malformed image, it may be possible to corrupt memory with attacker-supplied data. Successful exploitation will result in arbitrary code execution in the security context of CUPS. The attacker must be able to cause the malformed image to be processed by CUPS to exploit this issue. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. Remote attackers can exploit this vulnerability to conduct a denial of service attack on CUPS, and may execute arbitrary commands on the system with CUPS process privileges. xpos + +; temp += bpp; if (xpos == img->xsize) { ImagePutRow(img, 0, ypos, img->xsize, pixels); ..

Trust: 1.98

sources: NVD: CVE-2002-1371 // JVNDB: JVNDB-2002-000334 // BID: 6439 // VULHUB: VHN-5756

AFFECTED PRODUCTS

vendor:easy productsmodel:cupsscope:eqversion:1.1.17

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.0.4_8

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.4

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.6

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.0.4

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.4_2

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.13

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.2

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.10

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.4_3

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.14

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.4_5

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.1

Trust: 1.0

vendor:easy productsmodel:cupsscope:eqversion:1.1.7

Trust: 1.0

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:8.0

Trust: 0.8

vendor:easymodel:software products cupsscope:eqversion:1.1.17

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.16

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.15

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.14

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.13

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.10

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.7

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.6

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.4-5

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.4-3

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.4-2

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.4

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.1

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.0.4-8

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:easymodel:software products cupsscope:neversion:1.1.18

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.3

Trust: 0.3

sources: BID: 6439 // JVNDB: JVNDB-2002-000334 // CNNVD: CNNVD-200212-067 // NVD: CVE-2002-1371

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1371
value: HIGH

Trust: 1.0

NVD: CVE-2002-1371
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200212-067
value: HIGH

Trust: 0.6

VULHUB: VHN-5756
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1371
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5756
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5756 // JVNDB: JVNDB-2002-000334 // CNNVD: CNNVD-200212-067 // NVD: CVE-2002-1371

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-067

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 6439 // CNNVD: CNNVD-200212-067

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000334

PATCH

title:RHSA-2002:295url:https://rhn.redhat.com/errata/RHSA-2002-295.html

Trust: 0.8

title:RHSA-2002:295url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-295J.html

Trust: 0.8

sources: JVNDB: JVNDB-2002-000334

EXTERNAL IDS

db:NVDid:CVE-2002-1371

Trust: 2.8

db:BIDid:6439

Trust: 2.8

db:BIDid:6435

Trust: 0.8

db:BIDid:6437

Trust: 0.8

db:BIDid:6434

Trust: 0.8

db:BIDid:6433

Trust: 0.8

db:BIDid:6440

Trust: 0.8

db:BIDid:6436

Trust: 0.8

db:BIDid:6438

Trust: 0.8

db:JVNDBid:JVNDB-2002-000334

Trust: 0.8

db:CNNVDid:CNNVD-200212-067

Trust: 0.7

db:SUSEid:SUSE-SA:2003:002

Trust: 0.6

db:XFid:10911

Trust: 0.6

db:CONECTIVAid:CLSA-2003:702

Trust: 0.6

db:MANDRAKEid:MDKSA-2003:001

Trust: 0.6

db:VULNWATCHid:20021219 IDEFENSE SECURITY ADVISORY 12.19.02: MULTIPLE SECURITY VULNERABILITIES IN COMMON UNIX PRINTING SYSTEM (CUPS)

Trust: 0.6

db:DEBIANid:DSA-232

Trust: 0.6

db:BUGTRAQid:20021219 IDEFENSE SECURITY ADVISORY 12.19.02: MULTIPLE SECURITY VULNERABILITIES IN COMMON UNIX PRINTING SYSTEM (CUPS)

Trust: 0.6

db:REDHATid:RHSA-2002:295

Trust: 0.6

db:VULHUBid:VHN-5756

Trust: 0.1

sources: VULHUB: VHN-5756 // BID: 6439 // JVNDB: JVNDB-2002-000334 // CNNVD: CNNVD-200212-067 // NVD: CVE-2002-1371

REFERENCES

url:http://www.securityfocus.com/bid/6439

Trust: 3.5

url:http://www.idefense.com/advisory/12.19.02.txt

Trust: 3.3

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702

Trust: 2.7

url:http://www.debian.org/security/2003/dsa-232

Trust: 2.7

url:http://www.mandrakesoft.com/security/advisories?name=mdksa-2003:001

Trust: 2.7

url:http://www.redhat.com/support/errata/rhsa-2002-295.html

Trust: 2.7

url:http://www.novell.com/linux/security/advisories/2003_002_cups.html

Trust: 2.7

url:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html

Trust: 2.7

url:http://marc.info/?l=bugtraq&m=104032149026670&w=2

Trust: 2.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/10911

Trust: 2.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1371

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1371

Trust: 0.8

url:http://www.securityfocus.com/bid/6438

Trust: 0.8

url:http://www.securityfocus.com/bid/6440

Trust: 0.8

url:http://www.securityfocus.com/bid/6437

Trust: 0.8

url:http://www.securityfocus.com/bid/6434

Trust: 0.8

url:http://www.securityfocus.com/bid/6433

Trust: 0.8

url:http://www.securityfocus.com/bid/6435

Trust: 0.8

url:http://www.securityfocus.com/bid/6436

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/10911

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:/archive/1/304031

Trust: 0.3

url:/archive/1/304265

Trust: 0.3

sources: VULHUB: VHN-5756 // BID: 6439 // JVNDB: JVNDB-2002-000334 // CNNVD: CNNVD-200212-067 // NVD: CVE-2002-1371

CREDITS

iDEFENSE Labs※ labs@idefense.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-067

SOURCES

db:VULHUBid:VHN-5756
db:BIDid:6439
db:JVNDBid:JVNDB-2002-000334
db:CNNVDid:CNNVD-200212-067
db:NVDid:CVE-2002-1371

LAST UPDATE DATE

2024-11-22T22:48:43.385000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-5756date:2017-10-10T00:00:00
db:BIDid:6439date:2009-07-11T19:17:00
db:JVNDBid:JVNDB-2002-000334date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200212-067date:2006-01-18T00:00:00
db:NVDid:CVE-2002-1371date:2024-11-20T23:41:08.753

SOURCES RELEASE DATE

db:VULHUBid:VHN-5756date:2002-12-26T00:00:00
db:BIDid:6439date:2002-12-19T00:00:00
db:JVNDBid:JVNDB-2002-000334date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200212-067date:2002-12-26T00:00:00
db:NVDid:CVE-2002-1371date:2002-12-26T05:00:00