
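Common Unix Printing System (CUPS) attribute name buffer overflow


Published: 2002-02-18
Updated: 2002-02-18
Severity:
Threat level: remote administrator privileges
Error type: boundary check error
Exploitation mode: server mode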

BUGTRAQ ID:4100

Affected systems
Easy Software Products CUPS 1.0.4
   + Debian Linux 2.2
Easy Software Products CUPS 1.1.7
   + MandrakeSoft Linux Mandrake 7.2
   + MandrakeSoft Linux Mandrake 8.0
   + MandrakeSoft Linux Mandrake 8.0 ppc
Easy Software Products CUPS 1.1.10
   + MandrakeSoft Linux Mandrake 8.1
   + MandrakeSoft Linux Mandrake 8.1 ia64
Easy Software Products CUPS 1.1.13
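Description
CUPS (Common Unix Printing System) is a free, open-source printing tool.

A buffer overflow can occur when a job is submitted to a printer managed by CUPS. A section of code in jobs.c
uses the strcat function to copy the name attribute without checking the size of the name, which can cause a
stack overflow and allow execution of arbitrary code.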
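
The bug class described above, shown as an added example that is not code from CUPS or from this advisory: an unchecked strcat append beside a version that verifies the length first. The function names, the OPT_BUF size and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OPT_BUF 64   /* constructed size; the advisory does not give the real one */

/* Unsafe pattern as the advisory describes it: strcat with no size check.
 * Any name longer than the space left in dst is written past its end. */
void append_name_unsafe(char *dst, const char *name)
{
    strcat(dst, name);
    strcat(dst, "=");
}

/* Checked form: confirm name + '=' + NUL fits before copying anything.
 * Returns 0 on success, -1 if rejected (dst is left unchanged). */
int append_name_checked(char *dst, size_t dstsize, const char *name)
{
    const char *end = memchr(dst, '\0', dstsize);
    size_t used, need = strlen(name) + 1;        /* name plus '=' */
    if (end == NULL)
        return -1;                               /* dst not terminated */
    used = (size_t)(end - dst);
    if (need >= dstsize - used)
        return -1;                               /* would overflow */
    memcpy(dst + used, name, need - 1);
    dst[used + need - 1] = '=';
    dst[used + need] = '\0';
    return 0;
}

/* Constructed inputs: one ordinary name, one 200-byte name.
 * Returns 1 when the short name is stored and the long one refused. */
int demo(void)
{
    char buf[OPT_BUF] = "";
    char big[201];
    memset(big, 'A', 200);
    big[200] = '\0';
    if (append_name_checked(buf, sizeof buf, "job-name") != 0)
        return 0;
    if (append_name_checked(buf, sizeof buf, big) != -1)
        return 0;
    return strcmp(buf, "job-name=") == 0;
}

int main(void)
{
    printf("checked append behaves as expected: %d\n", demo());
    return 0;
}
```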

Test code
None yet

Solution
Download the following upgrades:

Easy Software Products CUPS 1.0.4:

Debian Upgrade cupsys-bsd_1.0.4-10_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys-bsd_1.0.4-10_alpha.deb

Debian Upgrade cupsys_1.0.4-10_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys_1.0.4-10_alpha.deb

Debian Upgrade libcupsys1-dev_1.0.4-10_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1-dev_1.0.4-10_alpha.deb

Debian Upgrade libcupsys1_1.0.4-10_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1_1.0.4-10_alpha.deb

Debian Upgrade cupsys-bsd_1.0.4-10_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/cupsys-bsd_1.0.4-10_arm.deb

Debian Upgrade cupsys_1.0.4-10_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/cupsys_1.0.4-10_arm.deb

Debian Upgrade libcupsys1-dev_1.0.4-10_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libcupsys1-dev_1.0.4-10_arm.deb

Debian Upgrade libcupsys1_1.0.4-10_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libcupsys1_1.0.4-10_arm.deb

Debian Upgrade cupsys-bsd_1.0.4-10_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys-bsd_1.0.4-10_i386.deb

Debian Upgrade cupsys_1.0.4-10_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys_1.0.4-10_i386.deb

Debian Upgrade libcupsys1-dev_1.0.4-10_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1-dev_1.0.4-10_i386.deb

Debian Upgrade libcupsys1_1.0.4-10_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1_1.0.4-10_i386.deb

Debian Upgrade cupsys-bsd_1.0.4-10_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys-bsd_1.0.4-10_m68k.deb

Debian Upgrade cupsys_1.0.4-10_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys_1.0.4-10_m68k.deb

Debian Upgrade libcupsys1-dev_1.0.4-10_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1-dev_1.0.4-10_m68k.deb

Debian Upgrade libcupsys1_1.0.4-10_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1_1.0.4-10_m68k.deb

Debian Upgrade cupsys-bsd_1.0.4-10_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys-bsd_1.0.4-10_powerpc.deb

Debian Upgrade cupsys_1.0.4-10_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys_1.0.4-10_powerpc.deb

Debian Upgrade libcupsys1-dev_1.0.4-10_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1-dev_1.0.4-10_powerpc.deb

Debian Upgrade libcupsys1_1.0.4-10_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1_1.0.4-10_powerpc.deb

Debian Upgrade cupsys-bsd_1.0.4-10_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys-bsd_1.0.4-10_sparc.deb

Debian Upgrade cupsys_1.0.4-10_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys_1.0.4-10_sparc.deb

Debian Upgrade libcupsys1-dev_1.0.4-10_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1-dev_1.0.4-10_sparc.deb

Debian Upgrade libcupsys1_1.0.4-10_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1_1.0.4-10_sparc.deb

Easy Software Products CUPS 1.1.7:

MandrakeSoft RPM cups-1.1.7-2.2mdk.i586.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/7.2/RPMS/cups-1.1.7-2.2mdk.i586.rpm

MandrakeSoft RPM cups-devel-1.1.7-2.2mdk.i586.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/7.2/RPMS/cups-devel-1.1.7-2.2mdk.i586.rpm

MandrakeSoft RPM cups-1.1.7-2.1mdk.i586.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/8.0/RPMS/cups-1.1.7-2.1mdk.i586.rpm

MandrakeSoft RPM cups-common-1.1.7-2.1mdk.i586.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/8.0/RPMS/cups-common-1.1.7-2.1mdk.i586.rpm

MandrakeSoft RPM cups-1.1.7-2.1mdk.ppc.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/ppc/8.0/RPMS/cups-1.1.7-2.1mdk.ppc.rpm

MandrakeSoft RPM cups-common-1.1.7-2.1mdk.ppc.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/ppc/8.0/RPMS/cups-common-1.1.7-2.1mdk.ppc.rpm

Easy Software Products CUPS 1.1.10:

MandrakeSoft RPM cups-1.1.10-9.1mdk.i586.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/8.1/RPMS/cups-1.1.10-9.1mdk.i586.rpm

MandrakeSoft RPM cups-common-1.1.10-9.1mdk.i586.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/8.1/RPMS/cups-common-1.1.10-9.1mdk.i586.rpm

MandrakeSoft RPM cups-serial-1.1.10-9.1mdk.i586.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/8.1/RPMS/cups-serial-1.1.10-9.1mdk.i586.rpm

MandrakeSoft RPM cups-1.1.10-9.1mdk.ia64.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/ia64/8.1/RPMS/cups-1.1.10-9.1mdk.ia64.rpm

MandrakeSoft RPM cups-common-1.1.10-9.1mdk.ia64.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/ia64/8.1/RPMS/cups-common-1.1.10-9.1mdk.ia64.rpm

MandrakeSoft RPM cups-serial-1.1.10-9.1mdk.ia64.rpm
http://telia.dl.sourceforge.net/mirrors/mandrake/updates/ia64/8.1/RPMS/cups-serial-1.1.10-9.1mdk.ia64.rpm

Easy Software Products CUPS 1.1.13:

Related information
References: http://www.securityfocus.com/advisories/3872
http://www.securityfocus.com/advisories/3877