SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Printer-drivers Vendors:   Mandriva/Mandrake
(Mandrake Issues Fix) Mandrake Linux 'printer-drivers' Package May Yield Root Privileges to Local Users
SecurityTracker Alert ID:  1005960
SecurityTracker URL:  http://securitytracker.com/id/1005960
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 22 2003
Impact:   Execution of arbitrary code via local system, Modification of system information, Modification of user information, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Some vulnerabilities were reported in the 'printer-drivers' package distributed with Mandrake Linux. A local user could obtain root privileges on the system.

iDEFENSE reported bugs in several binaries included in the printer-drivers package.

A buffer overflow was reported in 'mtink' in the processing of the HOME environment variable. A local user can supply a specially crafted HOME environment variable to execute arbitrary code with 'sys' group privileges.

A buffer overflow was reported in 'escputil' in the parsing of the 'printer name' command line argument. A local user can supply a specially crafted printer name value to execute arbitrary code with 'sys' group privileges.

A race condition in the use of temporary files was reported in 'm185p'. A local user with 'sys' group privileges could create a symbolic link from a predictable temporary file name to a critical file on the system or to an arbitrary file name. Then, when the binary is invoked, it will delete the contents of the linked file or create the specified arbitrary file with world-writable permissions. The local user could obtain root level privileges.

Impact:   A local user may be able to obtain 'sys' group privileges on the system. A local user with 'sys' group privileges may be able to obtain root level privileges on the system.
Solution:   Mandrake has released a fix.

Mandrake Linux 8.0:
f73ac236476e42edb47c6de8bddf3bf6 8.0/RPMS/ghostscript-5.50-67.1mdk.i586.rpm
194d3d3150830529262cd562084b2748 8.0/RPMS/ghostscript-module-SVGALIB-5.50-67.1mdk.i586.rpm
237a8a46e63c3d364426e24700121f5d 8.0/RPMS/ghostscript-module-X-5.50-67.1mdk.i586.rpm
46a3685b6b609550996fdfb443f08ee5 8.0/RPMS/ghostscript-utils-5.50-67.1mdk.i586.rpm
c444a6dc72f986760fc79f04171b4248 8.0/SRPMS/ghostscript-5.50-67.1mdk.src.rpm

Mandrake Linux 8.1:
1c099c00b6048a3cb4388a5d14d50e83 8.1/RPMS/cups-drivers-1.1-15.1mdk.i586.rpm
9f9e63f6d1c3824af50e11c22b92734a 8.1/RPMS/foomatic-1.1-0.20010923.1mdk.i586.rpm
007184bfd509d6b1af39e52be5388fc5 8.1/RPMS/ghostscript-6.51-24.1mdk.i586.rpm
034d87218640f50e3a7718018020cb05 8.1/RPMS/ghostscript-module-SVGALIB-6.51-24.1mdk.i586.rpm
6066643d9abba4c6ac9fdad5b551cb7e 8.1/RPMS/ghostscript-module-X-6.51-24.1mdk.i586.rpm
c6a17df239c3ddd445ce9f2bc555d4cd 8.1/RPMS/libgimpprint1-4.1.99-16.1mdk.i586.rpm
f755acbe2e2f3d9e655878128e9093ce 8.1/RPMS/libgimpprint1-devel-4.1.99-16.1mdk.i586.rpm
2461154aa9964328e581d7a5783bdb30 8.1/RPMS/omni-0.4-11.1mdk.i586.rpm
9aa152eb8ed7ce8a786314ccf05aa0e7 8.1/RPMS/printer-filters-1.0-15.1mdk.i586.rpm
5739c7c8a224c195ac2022c67b80b7e2 8.1/RPMS/printer-testpages-1.0-15.1mdk.i586.rpm
a03fe3c9df2d3bca85fcc7251bdd642e 8.1/RPMS/printer-utils-1.0-15.1mdk.i586.rpm
ef1b8de6afb6564ded010866e004ed90 8.1/SRPMS/printer-drivers-1.0-15.1mdk.src.rpm

Mandrake Linux 8.2:
3e337348a3f33d95c36f038d86eb2fc3 8.2/RPMS/cups-drivers-1.1-48.2mdk.i586.rpm
a6a6d768dd87e97622b2ed23a9d87b71 8.2/RPMS/foomatic-1.1-0.20020323mdk.i586.rpm
40671ccb5c3bb2968de5ed0149620b1e 8.2/RPMS/ghostscript-6.53-13.2mdk.i586.rpm
49a34a44f9f56081691d7aea19227ad9 8.2/RPMS/ghostscript-module-SVGALIB-6.53-13.2mdk.i586.rpm
06910c0a6486ac8d2bbca180f6788039 8.2/RPMS/ghostscript-module-X-6.53-13.2mdk.i586.rpm
043cd354df0edbfe9541187d6fe0003f 8.2/RPMS/gimpprint-4.2.1-0.pre5.2mdk.i586.rpm
7b72e1912f52e299c414c863fd6bac99 8.2/RPMS/libgimpprint1-4.2.1-0.pre5.2mdk.i586.rpm
ac7867720301cdbe22f78205464625d0 8.2/RPMS/libgimpprint1-devel-4.2.1-0.pre5.2mdk.i586.rpm
71c1bf91eb6a2c4e67bcc5f2701fa318 8.2/RPMS/omni-0.6.0-2.2mdk.i586.rpm
30b7a5bf39d72f92f6a705a64616b4a6 8.2/RPMS/printer-filters-1.0-48.2mdk.i586.rpm
f574df2c4907b44de93371d533a98d3e 8.2/RPMS/printer-testpages-1.0-48.2mdk.i586.rpm
889b82046f705b8cdb34d8bcc10493ee 8.2/RPMS/printer-utils-1.0-48.2mdk.i586.rpm
2118f3e17f58f70dc4dc91e9c92b7ab0 8.2/SRPMS/printer-drivers-1.0-48.2mdk.src.rpm

Mandrake Linux 9.0:
1a37c30fff3477daa2daf751f0c9bc0a 9.0/RPMS/cups-drivers-1.1-84.2mdk.i586.rpm
3de7cba3d95989049cb11995de2308c1 9.0/RPMS/foomatic-2.0.2-20021220.2.2mdk.i586.rpm
b4fc5535711e41e06105982f7bfec62b 9.0/RPMS/ghostscript-7.05-33.2mdk.i586.rpm
cee4fb4252d7c31e34d21f79de9600f6 9.0/RPMS/ghostscript-module-X-7.05-33.2mdk.i586.rpm
824251708aed6bf396c6e97563a1ee4b 9.0/RPMS/gimpprint-4.2.5-0.2.2mdk.i586.rpm
d55709ae91e0c0d9a33d2a3e91e7d4c1 9.0/RPMS/libgimpprint1-4.2.5-0.2.2mdk.i586.rpm
66ebc0d857ac276224922ff6153992fb 9.0/RPMS/libgimpprint1-devel-4.2.5-0.2.2mdk.i586.rpm
f0e61a68715e8306f5ab855c361c55fa 9.0/RPMS/libijs0-0.34-24.2mdk.i586.rpm
7cbe0c624df21e8b72d3adb5b6be6134 9.0/RPMS/libijs0-devel-0.34-24.2mdk.i586.rpm
8350469b4ad3218180e4b39a4cf74a96 9.0/RPMS/omni-0.7.1-11.2mdk.i586.rpm
b4c8beac968111896470094968d600c8 9.0/RPMS/printer-filters-1.0-84.2mdk.i586.rpm
9aa2a1367195f1d632e3bfc8cf4e7af9 9.0/RPMS/printer-testpages-1.0-84.2mdk.i586.rpm
da4818ea36b2a2d9031ec87529d33f6c 9.0/RPMS/printer-utils-1.0-84.2mdk.i586.rpm
1760b9879e7614476c4defe2cef601bf 9.0/SRPMS/printer-drivers-1.0-84.2mdk.src.rpm

Vendor URL:  www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010 (Links to External Site)
Cause:   Access control error, Boundary error, State error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  8.0, 8.1, 8.2, 9.0

Message History:   This archive entry is a follow-up to the message listed below.
Jan 21 2003 Mandrake Linux 'printer-drivers' Package May Yield Root Privileges to Local Users



 Source Message Contents

Subject:  [Security Announce] MDKSA-2003:010 - Updated printer-drivers


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           printer-drivers
Advisory ID:            MDKSA-2003:010
Date:                   January 21st, 2003

Affected versions:      8.0, 8.1, 8.2, 9.0
________________________________________________________________________

Problem Description:

 Karol Wiesek and iDefense disovered three vulnerabilities in the 
 printer-drivers package and tools it installs.  These vulnerabilities 
 allow a local attacker to empty or create any file on the filesystem.
 
 The first vulnerability is in the mtink binary, which has a buffer 
 overflow in its handling of the HOME environment variable.
 
 The second vulnerability is in the escputil binary, which has a buffer 
 overflow in the parsing of the --printer-name command line argument.  
 This is only possible when esputil is suid or sgid; in Mandrake Linux 
 9.0 it was sgid "sys".  Successful exploitation will provide the 
 attacker with the privilege of the group "sys".
 
 The third vulnerability is in the ml85p binary which contains a race 
 condition in the opening of a temporary file.  By default this file is 
 installed suid root so it can be used to gain root privilege.  The only 
 caveat is that this file is not executable by other, only by root or 
 group "sys".  Using either of the two previous vulnerabilities, an 
 attacker can exploit one of them to obtain "sys" privilege" and then 
 use that to exploit this vulnerability to gain root privilege.
 
 MandrakeSoft encourages all users to upgrade immediately.
 
 Aside from the security vulnerabilities, a number of bugfixes are
 included in this update, for Mandrake Linux 9.0 users.  GIMP-Print 
 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic 
 snapshot are included.  For a list of the many bugfixes, please refer 
 to the RPM changelog.
________________________________________________________________________

References:
  
  http://www.idefense.com/advisory/01.21.03a.txt
________________________________________________________________________

Updated Packages:
  
 Mandrake Linux 8.0:
 f73ac236476e42edb47c6de8bddf3bf6  8.0/RPMS/ghostscript-5.50-67.1mdk.i586.rpm
 194d3d3150830529262cd562084b2748  8.0/RPMS/ghostscript-module-SVGALIB-5.50-67.1mdk.i586.rpm
 237a8a46e63c3d364426e24700121f5d  8.0/RPMS/ghostscript-module-X-5.50-67.1mdk.i586.rpm
 46a3685b6b609550996fdfb443f08ee5  8.0/RPMS/ghostscript-utils-5.50-67.1mdk.i586.rpm
 c444a6dc72f986760fc79f04171b4248  8.0/SRPMS/ghostscript-5.50-67.1mdk.src.rpm

 Mandrake Linux 8.1:
 1c099c00b6048a3cb4388a5d14d50e83  8.1/RPMS/cups-drivers-1.1-15.1mdk.i586.rpm
 9f9e63f6d1c3824af50e11c22b92734a  8.1/RPMS/foomatic-1.1-0.20010923.1mdk.i586.rpm
 007184bfd509d6b1af39e52be5388fc5  8.1/RPMS/ghostscript-6.51-24.1mdk.i586.rpm
 034d87218640f50e3a7718018020cb05  8.1/RPMS/ghostscript-module-SVGALIB-6.51-24.1mdk.i586.rpm
 6066643d9abba4c6ac9fdad5b551cb7e  8.1/RPMS/ghostscript-module-X-6.51-24.1mdk.i586.rpm
 c6a17df239c3ddd445ce9f2bc555d4cd  8.1/RPMS/libgimpprint1-4.1.99-16.1mdk.i586.rpm
 f755acbe2e2f3d9e655878128e9093ce  8.1/RPMS/libgimpprint1-devel-4.1.99-16.1mdk.i586.rpm
 2461154aa9964328e581d7a5783bdb30  8.1/RPMS/omni-0.4-11.1mdk.i586.rpm
 9aa152eb8ed7ce8a786314ccf05aa0e7  8.1/RPMS/printer-filters-1.0-15.1mdk.i586.rpm
 5739c7c8a224c195ac2022c67b80b7e2  8.1/RPMS/printer-testpages-1.0-15.1mdk.i586.rpm
 a03fe3c9df2d3bca85fcc7251bdd642e  8.1/RPMS/printer-utils-1.0-15.1mdk.i586.rpm
 ef1b8de6afb6564ded010866e004ed90  8.1/SRPMS/printer-drivers-1.0-15.1mdk.src.rpm

 Mandrake Linux 8.2:
 3e337348a3f33d95c36f038d86eb2fc3  8.2/RPMS/cups-drivers-1.1-48.2mdk.i586.rpm
 a6a6d768dd87e97622b2ed23a9d87b71  8.2/RPMS/foomatic-1.1-0.20020323mdk.i586.rpm
 40671ccb5c3bb2968de5ed0149620b1e  8.2/RPMS/ghostscript-6.53-13.2mdk.i586.rpm
 49a34a44f9f56081691d7aea19227ad9  8.2/RPMS/ghostscript-module-SVGALIB-6.53-13.2mdk.i586.rpm
 06910c0a6486ac8d2bbca180f6788039  8.2/RPMS/ghostscript-module-X-6.53-13.2mdk.i586.rpm
 043cd354df0edbfe9541187d6fe0003f  8.2/RPMS/gimpprint-4.2.1-0.pre5.2mdk.i586.rpm
 7b72e1912f52e299c414c863fd6bac99  8.2/RPMS/libgimpprint1-4.2.1-0.pre5.2mdk.i586.rpm
 ac7867720301cdbe22f78205464625d0  8.2/RPMS/libgimpprint1-devel-4.2.1-0.pre5.2mdk.i586.rpm
 71c1bf91eb6a2c4e67bcc5f2701fa318  8.2/RPMS/omni-0.6.0-2.2mdk.i586.rpm
 30b7a5bf39d72f92f6a705a64616b4a6  8.2/RPMS/printer-filters-1.0-48.2mdk.i586.rpm
 f574df2c4907b44de93371d533a98d3e  8.2/RPMS/printer-testpages-1.0-48.2mdk.i586.rpm
 889b82046f705b8cdb34d8bcc10493ee  8.2/RPMS/printer-utils-1.0-48.2mdk.i586.rpm
 2118f3e17f58f70dc4dc91e9c92b7ab0  8.2/SRPMS/printer-drivers-1.0-48.2mdk.src.rpm

 Mandrake Linux 9.0:
 1a37c30fff3477daa2daf751f0c9bc0a  9.0/RPMS/cups-drivers-1.1-84.2mdk.i586.rpm
 3de7cba3d95989049cb11995de2308c1  9.0/RPMS/foomatic-2.0.2-20021220.2.2mdk.i586.rpm
 b4fc5535711e41e06105982f7bfec62b  9.0/RPMS/ghostscript-7.05-33.2mdk.i586.rpm
 cee4fb4252d7c31e34d21f79de9600f6  9.0/RPMS/ghostscript-module-X-7.05-33.2mdk.i586.rpm
 824251708aed6bf396c6e97563a1ee4b  9.0/RPMS/gimpprint-4.2.5-0.2.2mdk.i586.rpm
 d55709ae91e0c0d9a33d2a3e91e7d4c1  9.0/RPMS/libgimpprint1-4.2.5-0.2.2mdk.i586.rpm
 66ebc0d857ac276224922ff6153992fb  9.0/RPMS/libgimpprint1-devel-4.2.5-0.2.2mdk.i586.rpm
 f0e61a68715e8306f5ab855c361c55fa  9.0/RPMS/libijs0-0.34-24.2mdk.i586.rpm
 7cbe0c624df21e8b72d3adb5b6be6134  9.0/RPMS/libijs0-devel-0.34-24.2mdk.i586.rpm
 8350469b4ad3218180e4b39a4cf74a96  9.0/RPMS/omni-0.7.1-11.2mdk.i586.rpm
 b4c8beac968111896470094968d600c8  9.0/RPMS/printer-filters-1.0-84.2mdk.i586.rpm
 9aa2a1367195f1d632e3bfc8cf4e7af9  9.0/RPMS/printer-testpages-1.0-84.2mdk.i586.rpm
 da4818ea36b2a2d9031ec87529d33f6c  9.0/RPMS/printer-utils-1.0-84.2mdk.i586.rpm
 1760b9879e7614476c4defe2cef601bf  9.0/SRPMS/printer-drivers-1.0-84.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
  
  594 - cupsomatic+ghostscript+hpijs stop working
  641 - foomatic-gswrapper causes printing to fail
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA
BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H
8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K
+jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy
YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j
b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+
AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E
OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ
9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR
xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z
269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN
6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ
jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo
0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ
EJGXlA==
=yGlX
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+LZttmqjQ0CJFipgRAl/TAJ9beeiVE1awGYPAGuueuoIlHeHr/QCZAQEw
N7/VkpZUgbsyxs/d33oDPvY=
=pWx4
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC