DSA-1625

Executive Summary

Summary
Title	New cupsys packages fix arbitrary code execution

Informations
Name	DSA-1625	First vendor Publication	2008-08-01
Vendor	Debian	Last vendor Modification	2008-08-01
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0053

Buffer overflows in the HP-GL input filter allowed to possibly run arbitrary code through crafted HP-GL files.

CVE-2008-1373

Buffer overflow in the GIF filter allowed to possibly run arbitrary code through crafted GIF files.

CVE-2008-1722

Integer overflows in the PNG filter allowed to possibly run arbitrary code through crafted PNG files.

For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch4 of package cupsys.

For the testing (lenny) and unstable distribution (sid), these problems have been fixed in version 1.3.7-2 of package cups.

We recommend that you upgrade your cupsys package.

Original Source

Url : http://www.debian.org/security/2008/dsa-1625

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10356

Oval ID:	oval:org.mitre.oval:def:10356
Title:	Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
Description:	Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0053	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section cups-devel is earlier than 1:1.1.17-13.3.52 AND cups is earlier than 1:1.1.17-13.3.52 AND cups-libs is earlier than 1:1.1.17-13.3.52 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section cups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6 AND cups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6 AND cups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section cups-lpd is earlier than 1:1.2.4-11.14.el5_1.6 AND cups-devel is earlier than 1:1.2.4-11.14.el5_1.6 AND cups is earlier than 1:1.2.4-11.14.el5_1.6 AND cups-libs is earlier than 1:1.2.4-11.14.el5_1.6

Definition Id: oval:org.mitre.oval:def:11479

Oval ID:	oval:org.mitre.oval:def:11479
Title:	Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
Description:	Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1373	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section cups-devel is earlier than 1:1.1.17-13.3.52 AND cups is earlier than 1:1.1.17-13.3.52 AND cups-libs is earlier than 1:1.1.17-13.3.52 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section cups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6 AND cups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6 AND cups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_6.6 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section cups-lpd is earlier than 1:1.2.4-11.14.el5_1.6 AND cups-devel is earlier than 1:1.2.4-11.14.el5_1.6 AND cups is earlier than 1:1.2.4-11.14.el5_1.6 AND cups-libs is earlier than 1:1.2.4-11.14.el5_1.6

Definition Id: oval:org.mitre.oval:def:8768

Oval ID:	oval:org.mitre.oval:def:8768
Title:	Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.
Description:	Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1722	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section cups-devel is earlier than 0:1.1.17-13.3.53 AND cups is earlier than 0:1.1.17-13.3.53 AND cups-libs is earlier than 0:1.1.17-13.3.53 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section cups-devel is earlier than 0:1.1.22-0.rc1.9.20.2.el4_6.8 AND cups is earlier than 0:1.1.22-0.rc1.9.20.2.el4_6.8 AND cups-libs is earlier than 0:1.1.22-0.rc1.9.20.2.el4_6.8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section cups-lpd is earlier than 0:1.2.4-11.18.el5_2.1 AND cups-devel is earlier than 0:1.2.4-11.18.el5_2.1 AND cups is earlier than 0:1.2.4-11.18.el5_2.1 AND cups-libs is earlier than 0:1.2.4-11.18.el5_2.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Cups cpe:/a:apple:cups:1.4.1 cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.3:rc2 cpe:/a:apple:cups:1.3:b1 cpe:/a:apple:cups:1.3:rc1 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.2:b2 cpe:/a:apple:cups:1.2:b1 cpe:/a:apple:cups:1.2:rc2 cpe:/a:apple:cups:1.2:rc3 cpe:/a:apple:cups:1.2:rc1 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.1	76
Application	Cups Cups cpe:/a:cups:cups:1.3	1
Application	Easy Software Products Cups cpe:/a:easy_software_products:cups:1.3.6	1

Open Source Vulnerability Database (OSVDB)

id	Description
44398	CUPS PNG File Handling Multiple Overflows
44160	CUPS filter/image-gif.c gif_read_image() Function GIF Image Handling Overflow
43382	CUPS Multiple HP-GL/2-to-PostScript Unspecified Input Validation Issues