ID

VAR-200212-0658


CVE

CVE-2002-1372


TITLE

CUPS  Denial of service due to failure to properly handle file descriptors in  (DoS)  Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2002-000335

DESCRIPTION

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta. ------------ This vulnerability information is a comprehensive explanation of multiple vulnerabilities that were published at the same time. Please note that this document contains vulnerability information other than the title. ------------Common Unix Printing System (CUPS) is some UNIX included in the UNIX Universally usable in the environment Internet Printing Protocol version 1.1 (IPP/1.1) A printing system that supports Red Hat Linux 7.3 as well as 8.0 It is also included in the package. this CUPS has the following security issues: still, Red Hat Linux Then CUPS is disabled in the default installation. 1. Problem where overflow occurs due to overflow of integer digits It was [CAN-2002-1383]CUPS There are some problems where overflow occurs due to integer digit overflow. for example, HTTP By exploiting this issue via an interface, a remote attacker could CUPSd execution privileges ( A user lp) can execute arbitrary code. 2. Resource race condition in temporary file generation process (race condition) problems that cause It was [CAN-2002-1366]CUPS teeth /etc/cups/certs/ less than pid ( at the time of generation CUPS process of ID) creates a temporary file with a filename of , so a local attacker can predict how the temporary filename is determined. Therefore, by creating a file with the same name as the temporary file that points to the intended file, root You can overwrite or create any file with permissions. In addition, in order to execute this attack, the above 1. Take advantage of the problems in lp User permission required. 3. Printer addition mechanism / Access control function issues It was [CAN-2002-1367] maliciously created remotely UDP packet CUPS You can add a printer by bypassing authentication by sending it to . Additionally, there is an issue with the access control mechanism of the printer addition mechanism that fails to check validity. The added printer information is root Since it is interpreted based on permissions, you can add any print by using these issues together. As a result, a local attacker can root Elevation to privilege is possible. 4. intentionally created HTTP by communication CUPSd Problem with crashing [CAN-2002-1368]CUPS Then IPP for the backend to accept connections with HTTP server (CUPSd) is included in the package. this HTTP server's HTTP The handling part of the code lacks sufficient validation of the range of values ​​received, allowing a remote attacker to Contents-Length: Fields set to negative values ​​or intentionally assembled into chunks HTTP By attempting to communicate using the protocol, CUPS It is possible to cause a denial of service. In addition, to restore normal operation, CUPSd requires a restart. 5. strncat Problem where buffer overflow occurs due to function [CAN-2002-1369]CUPS contains a buffer overflow issue when receiving printer jobs with specific attribute values. By exploiting this issue, a remote attacker could root It is possible to execute arbitrary code with privileges. To take advantage of this problem, use the above 3. You need to take advantage of the problem. 6.GIF Problems when handling files in this format [CAN-2002-1371]CUPS for GIF Width in the part that handles files in the format (width) There is an issue with insufficient validation of values. This allows remote attackers to create intentionally constructed widths. (width) But '0' is GIF overwrite the allocated memory contents by interpreting the format file, CUPS may execute arbitrary code with execution privileges. 7. File descriptor issues with sockets and files It was [CAN-2002-1372]CUPS There is an issue in which file descriptors for sockets and files are not properly closed. Therefore, a local attacker can exploit this issue to cause a memory leak and CUPS It is possible to cause a denial of service for the entire system running the system.Please refer to the "Overview" for the impact of this vulnerability. A vulnerability has been discovered in CUPS that may, under some circumstances, leak file descriptor information. Exploitation of this issue may allow an attacker to bind a malicious server instead of the cupsd server. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services

Trust: 1.98

sources: NVD: CVE-2002-1372 // JVNDB: JVNDB-2002-000335 // BID: 6440 // VULHUB: VHN-5757

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:cupsscope:gteversion:1.1.14

Trust: 1.0

vendor:applemodel:cupsscope:lteversion:1.1.17

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.2

Trust: 1.0

vendor:レッドハットmodel:red hat linuxscope:eqversion: -

Trust: 0.8

vendor:レッドハットmodel:red hat linuxscope:eqversion:8.0

Trust: 0.8

vendor:レッドハットmodel:red hat linuxscope:eqversion:7.3

Trust: 0.8

vendor:easy productsmodel:cupsscope:eqversion:1.1.17

Trust: 0.6

vendor:easy productsmodel:cupsscope:eqversion:1.0.4_8

Trust: 0.6

vendor:easy productsmodel:cupsscope:eqversion:1.1.13

Trust: 0.6

vendor:easy productsmodel:cupsscope:eqversion:1.1.14

Trust: 0.6

vendor:easymodel:software products cupsscope:eqversion:1.1.17

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.16

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.15

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.14

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.13

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.12

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.10

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.7

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.6

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.4-5

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.4-3

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.4-2

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.4

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.1.1

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.0.4-8

Trust: 0.3

vendor:easymodel:software products cupsscope:eqversion:1.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:easymodel:software products cupsscope:neversion:1.1.18

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.3

Trust: 0.3

sources: BID: 6440 // JVNDB: JVNDB-2002-000335 // CNNVD: CNNVD-200212-066 // NVD: CVE-2002-1372

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1372
value: HIGH

Trust: 1.0

NVD: CVE-2002-1372
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200212-066
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5757
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1372
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5757
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2002-1372
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2002-1372
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-5757 // JVNDB: JVNDB-2002-000335 // CNNVD: CNNVD-200212-066 // NVD: CVE-2002-1372

PROBLEMTYPE DATA

problemtype:CWE-252

Trust: 1.0

problemtype:Unchecked return value (CWE-252) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2002-000335 // NVD: CVE-2002-1372

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-066

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200212-066

PATCH

title:RHSA-2002url:https://rhn.redhat.com/errata/RHSA-2002-295.html

Trust: 0.8

sources: JVNDB: JVNDB-2002-000335

EXTERNAL IDS

db:NVDid:CVE-2002-1372

Trust: 3.6

db:BIDid:6440

Trust: 2.8

db:BIDid:6436

Trust: 0.8

db:BIDid:6435

Trust: 0.8

db:BIDid:6434

Trust: 0.8

db:BIDid:6439

Trust: 0.8

db:BIDid:6433

Trust: 0.8

db:BIDid:6437

Trust: 0.8

db:BIDid:6438

Trust: 0.8

db:JVNDBid:JVNDB-2002-000335

Trust: 0.8

db:CNNVDid:CNNVD-200212-066

Trust: 0.7

db:SUSEid:SUSE-SA:2003:002

Trust: 0.6

db:CONECTIVAid:CLSA-2003:702

Trust: 0.6

db:XFid:10912

Trust: 0.6

db:MANDRAKEid:MDKSA-2003:001

Trust: 0.6

db:VULNWATCHid:20021219 IDEFENSE SECURITY ADVISORY 12.19.02: MULTIPLE SECURITY VULNERABILITIES IN COMMON UNIX PRINTING SYSTEM (CUPS)

Trust: 0.6

db:DEBIANid:DSA-232

Trust: 0.6

db:BUGTRAQid:20021219 IDEFENSE SECURITY ADVISORY 12.19.02: MULTIPLE SECURITY VULNERABILITIES IN COMMON UNIX PRINTING SYSTEM (CUPS)

Trust: 0.6

db:REDHATid:RHSA-2002:295

Trust: 0.6

db:VULHUBid:VHN-5757

Trust: 0.1

sources: VULHUB: VHN-5757 // BID: 6440 // JVNDB: JVNDB-2002-000335 // CNNVD: CNNVD-200212-066 // NVD: CVE-2002-1372

REFERENCES

url:http://www.securityfocus.com/bid/6440

Trust: 3.5

url:http://www.idefense.com/advisory/12.19.02.txt

Trust: 3.3

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702

Trust: 2.7

url:http://www.debian.org/security/2003/dsa-232

Trust: 2.7

url:http://www.mandrakesoft.com/security/advisories?name=mdksa-2003:001

Trust: 2.7

url:http://www.redhat.com/support/errata/rhsa-2002-295.html

Trust: 2.7

url:http://www.novell.com/linux/security/advisories/2003_002_cups.html

Trust: 2.7

url:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html

Trust: 2.7

url:http://marc.info/?l=bugtraq&m=104032149026670&w=2

Trust: 2.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/10912

Trust: 2.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1372

Trust: 0.8

url:http://www.securityfocus.com/bid/6439

Trust: 0.8

url:http://www.securityfocus.com/bid/6437

Trust: 0.8

url:http://www.securityfocus.com/bid/6434

Trust: 0.8

url:http://www.securityfocus.com/bid/6433

Trust: 0.8

url:http://www.securityfocus.com/bid/6435

Trust: 0.8

url:http://www.securityfocus.com/bid/6436

Trust: 0.8

url:http://www.securityfocus.com/bid/6438

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/10912

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:/archive/1/304031

Trust: 0.3

sources: VULHUB: VHN-5757 // BID: 6440 // JVNDB: JVNDB-2002-000335 // CNNVD: CNNVD-200212-066 // NVD: CVE-2002-1372

CREDITS

iDEFENSE Labs※ labs@idefense.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-066

SOURCES

db:VULHUBid:VHN-5757
db:BIDid:6440
db:JVNDBid:JVNDB-2002-000335
db:CNNVDid:CNNVD-200212-066
db:NVDid:CVE-2002-1372

LAST UPDATE DATE

2024-11-22T22:48:43.344000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-5757date:2017-10-10T00:00:00
db:BIDid:6440date:2009-07-11T19:17:00
db:JVNDBid:JVNDB-2002-000335date:2024-02-22T02:36:00
db:CNNVDid:CNNVD-200212-066date:2006-01-18T00:00:00
db:NVDid:CVE-2002-1372date:2024-11-20T23:41:08.900

SOURCES RELEASE DATE

db:VULHUBid:VHN-5757date:2002-12-26T00:00:00
db:BIDid:6440date:2002-12-19T00:00:00
db:JVNDBid:JVNDB-2002-000335date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200212-066date:2002-12-26T00:00:00
db:NVDid:CVE-2002-1372date:2002-12-26T05:00:00