SecurityTracker.com
Category:   Application (Generic)  >   CUPS
Vendors:   Easy Software Products
(Mandrake Issues Fix) CUPS Browsing Can Be Disabled By Remote Users
SecurityTracker Alert ID:  1011300
SecurityTracker URL:  http://securitytracker.com/id/1011300
CVE Reference:   CVE-2004-0558
Date:  Sep 16 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Common UNIX Printing System (CUPS). A remote user can disable browsing.

Debian reported that a remote user can send a specially crafted UDP packet containing illegal URL characters to cupsd on port 631 to cause denial of service conditions.

The flaw resides in 'scheduler/dirsvc.c'.

Alvaro Martinez Echevarria is credited with discovering and patching the flaw.
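
The failure class described here, sketched as an added example in C (not code from 'scheduler/dirsvc.c' or from the CUPS project): a browse-datagram handler that treats an empty datagram as a fatal receive error, next to a hardened one that drops empty or malformed input and keeps listening. The function names, the `browse_action` enum, the browse line layout and the sample packet are assumptions made for illustration.

```c
/* Added illustration; hypothetical handlers, not code from scheduler/dirsvc.c. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum browse_action { BROWSE_PROCESS, BROWSE_IGNORE, BROWSE_DISABLE };

/* Fragile: every non-positive recvfrom() result is fatal, so one zero-length
 * datagram from any sender turns browsing off. */
enum browse_action fragile_handler(const char *pkt, ssize_t n, int err)
{
    (void)pkt; (void)err;
    return n <= 0 ? BROWSE_DISABLE : BROWSE_PROCESS;
}

/* Hardened: only a non-transient socket error is fatal; bad input is dropped.
 * The caller must NUL-terminate the buffer at pkt[n]. */
enum browse_action hardened_handler(const char *pkt, ssize_t n, int err)
{
    unsigned type, state;
    char uri[1024];
    size_t i;

    if (n < 0)      /* genuine socket error: fatal only if not transient */
        return (err == EINTR || err == EAGAIN || err == ECONNREFUSED)
                   ? BROWSE_IGNORE : BROWSE_DISABLE;
    if (n == 0 || memchr(pkt, '\0', (size_t)n) != NULL)
        return BROWSE_IGNORE;       /* empty datagram or embedded NUL */
    /* Assumed line layout: hex type, hex state, URI, then quoted strings. */
    if (sscanf(pkt, "%x%x%1023s", &type, &state, uri) != 3)
        return BROWSE_IGNORE;
    if (strncmp(uri, "ipp://", 6) != 0)
        return BROWSE_IGNORE;
    for (i = 0; uri[i] != '\0'; i++)    /* reject illegal URL characters */
        if (!isgraph((unsigned char)uri[i]) || strchr("\"<>\\^`{|}", uri[i]))
            return BROWSE_IGNORE;
    return BROWSE_PROCESS;
}

int main(void)
{
    /* Constructed sample browse line, not captured traffic. */
    const char *ok = "1006 3 ipp://host.example:631/printers/lp \"lab\" \"LP\"\n";
    printf("empty: fragile=%d hardened=%d\n",
           fragile_handler("", 0, 0), hardened_handler("", 0, 0));
    printf("valid: hardened=%d\n", hardened_handler(ok, (ssize_t)strlen(ok), 0));
    return 0;
}
```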

Impact:   A remote user can disable CUPS browsing.
Solution:   Mandrake has released a fix.

Vendor URL:  www.cups.org/
Cause:   Exception handling error, Input validation error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  10.0, 9.2, Corporate Server 2.1

Message History:   This archive entry is a follow-up to the message listed below.
Sep 15 2004 CUPS Browsing Can Be Disabled By Remote Users



 Source Message Contents

Subject:  [Security Announce] MDKSA-2004:097 - Updated cups packages fix


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cups
 Advisory ID:            MDKSA-2004:097
 Date:                   September 15th, 2004

 Affected versions:      10.0, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Alvaro Martinez Echevarria discovered a vulnerability in the CUPS
 print server where an empty UDP datagram sent to port 631 (the default
 port that cupsd listens to) would disable browsing.  This would
 prevent cupsd from seeing any remote printers or any future remote
 printer changes.
 
 The updated packages are patched to protect against this vulnerability.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
  http://www.cups.org/str.php?L863
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 6f786e3ec36e246d7370f492e53e8071  10.0/RPMS/cups-1.1.20-5.1.100mdk.i586.rpm
 3b648685e2d6daca32c19f0c911c2a2d  10.0/RPMS/cups-common-1.1.20-5.1.100mdk.i586.rpm
 c38951a854429442227c08493ce95b10  10.0/RPMS/cups-serial-1.1.20-5.1.100mdk.i586.rpm
 68d867e3151cc40be946f7e6585718b3  10.0/RPMS/libcups2-1.1.20-5.1.100mdk.i586.rpm
 73a61738b404f9ffe2f5d33d999c58d8  10.0/RPMS/libcups2-devel-1.1.20-5.1.100mdk.i586.rpm
 dbf32babe26d1b9bf922839fd4f64409  10.0/SRPMS/cups-1.1.20-5.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 9dd4e92fa6761ce6414583f3673dab6b  amd64/10.0/RPMS/cups-1.1.20-5.1.100mdk.amd64.rpm
 e49fdc4df0ab800ad48c24a87117a63f  amd64/10.0/RPMS/cups-common-1.1.20-5.1.100mdk.amd64.rpm
 ccc5ae05b07c3a56eb30cfe3a95e2aea  amd64/10.0/RPMS/cups-serial-1.1.20-5.1.100mdk.amd64.rpm
 a816a4ad33164d23d0a5425b900d9ce0  amd64/10.0/RPMS/lib64cups2-1.1.20-5.1.100mdk.amd64.rpm
 feeed14726902046368619d8e5f680c4  amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.1.100mdk.amd64.rpm
 dbf32babe26d1b9bf922839fd4f64409  amd64/10.0/SRPMS/cups-1.1.20-5.1.100mdk.src.rpm

 Corporate Server 2.1:
 142f95c8680e081dfbfb53e586de0758  corporate/2.1/RPMS/cups-1.1.18-2.3.C21mdk.i586.rpm
 13510fb948f686e81cb0e43ed199a5c9  corporate/2.1/RPMS/cups-common-1.1.18-2.3.C21mdk.i586.rpm
 fe7759d16276087aea078a4666d27264  corporate/2.1/RPMS/cups-serial-1.1.18-2.3.C21mdk.i586.rpm
 d5a3ad2d14a730b633153bc486f8d043  corporate/2.1/RPMS/libcups1-1.1.18-2.3.C21mdk.i586.rpm
 b1ac7b51317da42444ea35e5e3e1def3  corporate/2.1/RPMS/libcups1-devel-1.1.18-2.3.C21mdk.i586.rpm
 0cfaa49e8d722afad7886998121a8ef2  corporate/2.1/SRPMS/cups-1.1.18-2.3.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 53d838ecedc3d39880e43476cdba933d  x86_64/corporate/2.1/RPMS/cups-1.1.18-2.3.C21mdk.x86_64.rpm
 71df87e1abeb7cbf1dff2d206476f149  x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.3.C21mdk.x86_64.rpm
 93d9708fbbc34f7ea44b40f193a35bf1  x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.3.C21mdk.x86_64.rpm
 4a2d2ace8e2ddf9e29061fff3b0b2e72  x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.3.C21mdk.x86_64.rpm
 7edc440141df40c2dbfb814c7221e511  x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.3.C21mdk.x86_64.rpm
 0cfaa49e8d722afad7886998121a8ef2  x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.3.C21mdk.src.rpm

 Mandrakelinux 9.2:
 b46e23e49906b9837f8ff8a2f1551a1a  9.2/RPMS/cups-1.1.19-10.1.92mdk.i586.rpm
 41882610ebe7ef19c62d0466a3b856bd  9.2/RPMS/cups-common-1.1.19-10.1.92mdk.i586.rpm
 80285eaf595e788bf83cb06c3be6399b  9.2/RPMS/cups-serial-1.1.19-10.1.92mdk.i586.rpm
 eeb50273236cab134566e4ba9aa19de7  9.2/RPMS/libcups2-1.1.19-10.1.92mdk.i586.rpm
 9eebdc74a019cbf01a36e91cb0f2da38  9.2/RPMS/libcups2-devel-1.1.19-10.1.92mdk.i586.rpm
 b2badd330ea284850e42f9107bb178cf  9.2/SRPMS/cups-1.1.19-10.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 bd01da75ac66983321eca2394853eb56  amd64/9.2/RPMS/cups-1.1.19-10.1.92mdk.amd64.rpm
 865443156fd350d0b06c1696f923d413  amd64/9.2/RPMS/cups-common-1.1.19-10.1.92mdk.amd64.rpm
 78ed4c034ee5fa27b85dd89d909a1a3c  amd64/9.2/RPMS/cups-serial-1.1.19-10.1.92mdk.amd64.rpm
 7e868f59baa290fbef9f933ac76156ce  amd64/9.2/RPMS/lib64cups2-1.1.19-10.1.92mdk.amd64.rpm
 db3266a647e39805f0b9f36fa87dcac1  amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.1.92mdk.amd64.rpm
 b2badd330ea284850e42f9107bb178cf  amd64/9.2/SRPMS/cups-1.1.19-10.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBSJATmqjQ0CJFipgRAgi4AJ4hX3e+0849lql7lwNX37B6Wk3I8gCfceiU
lMl3gN7n7Pvj20zxNFqdGtM=
=5r+U
-----END PGP SIGNATURE-----

