ID

VAR-200212-0658


CVE

CVE-2002-1372


TITLE

CUPS denial-of-service (DoS) vulnerability due to failure to properly handle file descriptors

Trust: 0.8

sources: JVNDB: JVNDB-2002-000335

DESCRIPTION

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

This vulnerability information is a comprehensive explanation of multiple vulnerabilities that were published at the same time. Please note that this document contains vulnerability information other than that named in the title.

Common Unix Printing System (CUPS) is a printing system included in some UNIX systems and usable across UNIX environments. It supports Internet Printing Protocol version 1.1 (IPP/1.1) and is also included as a package in Red Hat Linux 7.3 and 8.0. CUPS has the following security issues. Note that on Red Hat Linux, CUPS is disabled in the default installation.

1. Integer overflow issues [CAN-2002-1383]: CUPS contains several problems in which an overflow occurs due to integer overflow. For example, by exploiting this issue via the HTTP interface, a remote attacker could execute arbitrary code with the execution privileges of CUPSd (the lp user).

2. Race condition in the temporary file creation process [CAN-2002-1366]: CUPS creates a temporary file under /etc/cups/certs/ whose filename is the pid (the ID of the CUPS process at creation time), so a local attacker can predict how the temporary filename is determined. By creating a file with the same name as the temporary file that points to an intended file, the attacker can overwrite or create any file with root permissions. To carry out this attack, lp user privileges are required, for example by taking advantage of issue 1 above.

3. Printer addition mechanism / access control issues [CAN-2002-1367]: By remotely sending a maliciously crafted UDP packet to CUPS, a printer can be added while bypassing authentication. Additionally, the access control mechanism of the printer addition mechanism fails to check validity. Because the added printer information is interpreted with root permissions, any printer can be added by using these issues together. As a result, a local attacker can elevate privileges to root.

4. CUPSd crash caused by intentionally crafted HTTP communication [CAN-2002-1368]: The CUPS package includes an HTTP server (CUPSd) that accepts connections for the IPP backend. The HTTP handling code of this server lacks sufficient validation of the range of values it receives, so a remote attacker can cause a denial of service in CUPS by communicating over HTTP with the Content-Length: field set to a negative value or with intentionally constructed chunks. To restore normal operation, CUPSd must be restarted.

5. Buffer overflow in the use of the strncat function [CAN-2002-1369]: CUPS contains a buffer overflow issue when receiving printer jobs with specific attribute values. By exploiting this issue, a remote attacker could execute arbitrary code with root privileges. Exploiting this issue requires taking advantage of issue 3 above.

6. Issue in handling GIF files [CAN-2002-1371]: The part of CUPS that handles GIF files does not sufficiently validate the width value. By having CUPS interpret an intentionally constructed GIF file whose width is '0', a remote attacker may overwrite allocated memory contents and execute arbitrary code with the execution privileges of CUPS.

7. File descriptor issues with sockets and files [CAN-2002-1372]: CUPS does not properly close file descriptors for sockets and files. A local attacker can exploit this issue to cause a memory leak and a denial of service for the entire system running CUPS. Please refer to the "Overview" for the impact of this vulnerability.

A vulnerability has been discovered in CUPS that may, under some circumstances, leak file descriptor information. Exploitation of this issue may allow an attacker to bind a malicious server instead of the cupsd server. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services.

Trust: 1.98

sources: NVD: CVE-2002-1372 // JVNDB: JVNDB-2002-000335 // BID: 6440 // VULHUB: VHN-5757

AFFECTED PRODUCTS

vendor: debian, model: linux, scope: eq, version: 2.2

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 3.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.2.2

Trust: 1.0

vendor: apple, model: cups, scope: gte, version: 1.1.14

Trust: 1.0

vendor: apple, model: cups, scope: lte, version: 1.1.17

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.2

Trust: 1.0

vendor: Red Hat, model: red hat linux, scope: eq, version: -

Trust: 0.8

vendor: Red Hat, model: red hat linux, scope: eq, version: 8.0

Trust: 0.8

vendor: Red Hat, model: red hat linux, scope: eq, version: 7.3

Trust: 0.8

vendor: easy products, model: cups, scope: eq, version: 1.1.17

Trust: 0.6

vendor: easy products, model: cups, scope: eq, version: 1.0.4_8

Trust: 0.6

vendor: easy products, model: cups, scope: eq, version: 1.1.13

Trust: 0.6

vendor: easy products, model: cups, scope: eq, version: 1.1.14

Trust: 0.6

vendor: easy, model: software products cups, scope: eq, version: 1.1.17

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.16

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.15

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.14

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.13

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.12

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.10

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.7

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.6

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.4-5

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.4-3

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.4-2

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.4

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.1.1

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.0.4-8

Trust: 0.3

vendor: easy, model: software products cups, scope: eq, version: 1.0.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2

Trust: 0.3

vendor: easy, model: software products cups, scope: ne, version: 1.1.18

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.2.3

Trust: 0.3

sources: BID: 6440 // JVNDB: JVNDB-2002-000335 // CNNVD: CNNVD-200212-066 // NVD: CVE-2002-1372

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1372
value: HIGH

Trust: 1.0

NVD: CVE-2002-1372
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200212-066
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5757
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1372
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-5757
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2002-1372
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2002-1372
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-5757 // JVNDB: JVNDB-2002-000335 // CNNVD: CNNVD-200212-066 // NVD: CVE-2002-1372

PROBLEMTYPE DATA

problemtype:CWE-252

Trust: 1.0

problemtype:Unchecked return value (CWE-252) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2002-000335 // NVD: CVE-2002-1372

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-066

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200212-066

PATCH

title: RHSA-2002, url: https://rhn.redhat.com/errata/RHSA-2002-295.html

Trust: 0.8

sources: JVNDB: JVNDB-2002-000335

EXTERNAL IDS

db: NVD, id: CVE-2002-1372

Trust: 3.6

db: BID, id: 6440

Trust: 2.8

db: BID, id: 6436

Trust: 0.8

db: BID, id: 6435

Trust: 0.8

db: BID, id: 6434

Trust: 0.8

db: BID, id: 6439

Trust: 0.8

db: BID, id: 6433

Trust: 0.8

db: BID, id: 6437

Trust: 0.8

db: BID, id: 6438

Trust: 0.8

db: JVNDB, id: JVNDB-2002-000335

Trust: 0.8

db: CNNVD, id: CNNVD-200212-066

Trust: 0.7

db: SUSE, id: SUSE-SA:2003:002

Trust: 0.6

db: CONECTIVA, id: CLSA-2003:702

Trust: 0.6

db: XF, id: 10912

Trust: 0.6

db: MANDRAKE, id: MDKSA-2003:001

Trust: 0.6

db: VULNWATCH, id: 20021219 IDEFENSE SECURITY ADVISORY 12.19.02: MULTIPLE SECURITY VULNERABILITIES IN COMMON UNIX PRINTING SYSTEM (CUPS)

Trust: 0.6

db: DEBIAN, id: DSA-232

Trust: 0.6

db: BUGTRAQ, id: 20021219 IDEFENSE SECURITY ADVISORY 12.19.02: MULTIPLE SECURITY VULNERABILITIES IN COMMON UNIX PRINTING SYSTEM (CUPS)

Trust: 0.6

db: REDHAT, id: RHSA-2002:295

Trust: 0.6

db: VULHUB, id: VHN-5757

Trust: 0.1

sources: VULHUB: VHN-5757 // BID: 6440 // JVNDB: JVNDB-2002-000335 // CNNVD: CNNVD-200212-066 // NVD: CVE-2002-1372

REFERENCES

url:http://www.securityfocus.com/bid/6440

Trust: 2.5

url:http://www.idefense.com/advisory/12.19.02.txt

Trust: 2.3

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702

Trust: 1.7

url:http://www.debian.org/security/2003/dsa-232

Trust: 1.7

url:http://www.mandrakesoft.com/security/advisories?name=mdksa-2003:001

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2002-295.html

Trust: 1.7

url:http://www.novell.com/linux/security/advisories/2003_002_cups.html

Trust: 1.7

url:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=104032149026670&w=2

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/10912

Trust: 1.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1372

Trust: 0.8

url:http://www.securityfocus.com/bid/6439

Trust: 0.8

url:http://www.securityfocus.com/bid/6437

Trust: 0.8

url:http://www.securityfocus.com/bid/6434

Trust: 0.8

url:http://www.securityfocus.com/bid/6433

Trust: 0.8

url:http://www.securityfocus.com/bid/6435

Trust: 0.8

url:http://www.securityfocus.com/bid/6436

Trust: 0.8

url:http://www.securityfocus.com/bid/6438

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/10912

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:/archive/1/304031

Trust: 0.3

sources: VULHUB: VHN-5757 // BID: 6440 // JVNDB: JVNDB-2002-000335 // CNNVD: CNNVD-200212-066 // NVD: CVE-2002-1372

CREDITS

iDEFENSE Labs (labs@idefense.com)

Trust: 0.6

sources: CNNVD: CNNVD-200212-066

SOURCES

db: VULHUB, id: VHN-5757
db: BID, id: 6440
db: JVNDB, id: JVNDB-2002-000335
db: CNNVD, id: CNNVD-200212-066
db: NVD, id: CVE-2002-1372

LAST UPDATE DATE

2024-08-14T13:51:23.874000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-5757, date: 2017-10-10T00:00:00
db: BID, id: 6440, date: 2009-07-11T19:17:00
db: JVNDB, id: JVNDB-2002-000335, date: 2024-02-22T02:36:00
db: CNNVD, id: CNNVD-200212-066, date: 2006-01-18T00:00:00
db: NVD, id: CVE-2002-1372, date: 2024-01-21T01:39:35.663

SOURCES RELEASE DATE

db: VULHUB, id: VHN-5757, date: 2002-12-26T00:00:00
db: BID, id: 6440, date: 2002-12-19T00:00:00
db: JVNDB, id: JVNDB-2002-000335, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-200212-066, date: 2002-12-26T00:00:00
db: NVD, id: CVE-2002-1372, date: 2002-12-26T05:00:00