Category:   Application (Generic)  >   foomatic-filters
Vendors:   linuxprinting.org
(Mandrake Issues Fix) Foomatic Bug in foomatic-rip Filter Lets Remote Users Execute Commands
SecurityTracker Alert ID:  1011302
SecurityTracker URL:  http://securitytracker.com/id/1011302
CVE Reference:   CVE-2004-0801
Date:  Sep 16 2004
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 3.0.2
Description:   A vulnerability was reported in the foomatic-rip filter of Foomatic (part of the foomatic-filters package). A remote or local user can execute commands on the target system.

The vendor reported that a remote or local user with access to CUPS can execute commands on the target system with 'lp' (or similar) user privileges.

Impact:   A remote or local user can execute commands with 'lp' user privileges.
Solution:   Mandrake has released a fix.

Vendor URL:  www.linuxprinting.org/pipermail/foomatic-devel/2004q3/001996.html
Cause:   Not specified
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  9.2, 10.0

Message History:   This archive entry is a follow-up to the message listed below.
Sep 15 2004 Foomatic Bug in foomatic-rip Filter Lets Remote Users Execute Commands



 Source Message Contents

Subject:  [Security Announce] MDKSA-2004:094 - Updated printer-drivers


 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           printer-drivers
 Advisory ID:            MDKSA-2004:094
 Date:                   September 15th, 2004

 Affected versions:      10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 The foomatic-rip filter, which is part of foomatic-filters package,
 contains a vulnerability that allows anyone with access to CUPS, local
 or remote, to execute arbitrary commands on the server.  The updated
 packages provide a fixed foomatic-rip filter that prevents this kind
 of abuse.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0801
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5b60d06dd30d734ac047d3ee6f6dc772  10.0/RPMS/cups-drivers-1.1-138.2.100mdk.i586.rpm
 b054fe649f49aaf755d14b797b5b6601  10.0/RPMS/foomatic-db-3.0.1-0.20040828.1.1.100mdk.i586.rpm
 db087f03bd7c8725808e9b72ad328109  10.0/RPMS/foomatic-db-engine-3.0.1-0.20040828.1.1.100mdk.i586.rpm
 bc8d8726f556bf49d28dac6d60131b96  10.0/RPMS/foomatic-filters-3.0.1-0.20040828.1.1.100mdk.i586.rpm
 36a87460cc5d6ea62a90b73536e904f2  10.0/RPMS/ghostscript-7.07-19.2.100mdk.i586.rpm
 dd3a8164ed4959f87d8a737f7bc84b01  10.0/RPMS/ghostscript-module-X-7.07-19.2.100mdk.i586.rpm
 b584cf81006355ccd974cf8845c383ca  10.0/RPMS/gimpprint-4.2.7-2.2.100mdk.i586.rpm
 2a680b3686870b96498a6c2fb0aa684b  10.0/RPMS/libgimpprint1-4.2.7-2.2.100mdk.i586.rpm
 e116225a8e807e81e2f94bfa5bdfd2a8  10.0/RPMS/libgimpprint1-devel-4.2.7-2.2.100mdk.i586.rpm
 0de919bcb4588874ce8937257af9c699  10.0/RPMS/libijs0-0.34-76.2.100mdk.i586.rpm
 1b44c0ef21bea8d59ecba973b681f0c0  10.0/RPMS/libijs0-devel-0.34-76.2.100mdk.i586.rpm
 152791cb0b54d88d66870dd190007709  10.0/RPMS/printer-filters-1.0-138.2.100mdk.i586.rpm
 94849ae591daa6abb27c329262d34510  10.0/RPMS/printer-testpages-1.0-138.2.100mdk.i586.rpm
 817bb3003924bda9143a4ba9fc41f07b  10.0/RPMS/printer-utils-1.0-138.2.100mdk.i586.rpm
 252ce79ceeb44363fcca69e8fae3124f  10.0/SRPMS/printer-drivers-1.0-138.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 f77b65e84043e7e426127724e6c926fd  amd64/10.0/RPMS/cups-drivers-1.1-138.2.100mdk.amd64.rpm
 5f74d92859cd3423ffa69e88dfb397fb  amd64/10.0/RPMS/foomatic-db-3.0.1-0.20040828.1.1.100mdk.amd64.rpm
 cbc7f870d50c30cdaaa3318ffd9f7cfa  amd64/10.0/RPMS/foomatic-db-engine-3.0.1-0.20040828.1.1.100mdk.amd64.rpm
 513edd72b47ea666813d98bf9572ae10  amd64/10.0/RPMS/foomatic-filters-3.0.1-0.20040828.1.1.100mdk.amd64.rpm
 1656f00628486bddffefc924acdb4bfe  amd64/10.0/RPMS/ghostscript-7.07-19.2.100mdk.amd64.rpm
 4fbad78a6df7915e83d9cb20a6d59939  amd64/10.0/RPMS/ghostscript-module-X-7.07-19.2.100mdk.amd64.rpm
 ad6683d164413b5ca4571a40e78df9f3  amd64/10.0/RPMS/gimpprint-4.2.7-2.2.100mdk.amd64.rpm
 f9745491ae1a8f0634107cd7f41d76b2  amd64/10.0/RPMS/lib64gimpprint1-4.2.7-2.2.100mdk.amd64.rpm
 0c7f9f7109ef86406c0d32191aa77fc2  amd64/10.0/RPMS/lib64gimpprint1-devel-4.2.7-2.2.100mdk.amd64.rpm
 d8b8c565cb72e876aceda04de4ad2832  amd64/10.0/RPMS/lib64ijs0-0.34-76.2.100mdk.amd64.rpm
 ed95b407652ab7064837399003bb9553  amd64/10.0/RPMS/lib64ijs0-devel-0.34-76.2.100mdk.amd64.rpm
 462a427f75ccf5d024c793eb829ae025  amd64/10.0/RPMS/printer-filters-1.0-138.2.100mdk.amd64.rpm
 bcad49c7a9063a7856473b1ce969e36b  amd64/10.0/RPMS/printer-testpages-1.0-138.2.100mdk.amd64.rpm
 37339dff70409896959a6f4d4b8af1e7  amd64/10.0/RPMS/printer-utils-1.0-138.2.100mdk.amd64.rpm
 252ce79ceeb44363fcca69e8fae3124f  amd64/10.0/SRPMS/printer-drivers-1.0-138.2.100mdk.src.rpm

 Mandrakelinux 9.2:
 e46b265555a2075d363d746933e88870  9.2/RPMS/cups-drivers-1.1-116.1.92mdk.i586.rpm
 f2e8df86c2cc434c6b3a2d788b22069b  9.2/RPMS/foomatic-db-3.0-1.20030908.3.1.92mdk.i586.rpm
 452cc2b7a3d3dfae90818f2c70112c75  9.2/RPMS/foomatic-db-engine-3.0-1.20030908.3.1.92mdk.i586.rpm
 4d3926f1a28c1d958e453d01a1708811  9.2/RPMS/foomatic-filters-3.0-1.20030908.3.1.92mdk.i586.rpm
 b83e8b68601c4c576e4354229f541092  9.2/RPMS/ghostscript-7.07-0.12.1.92mdk.i586.rpm
 ea2f04d7cb9a17ed26e5c0c71711c54c  9.2/RPMS/ghostscript-module-X-7.07-0.12.1.92mdk.i586.rpm
 488ad952dc1560ce2b2eba223f692ae1  9.2/RPMS/gimpprint-4.2.5-30.1.92mdk.i586.rpm
 e491c8a7e4fc6edbf205c4539d50806d  9.2/RPMS/libgimpprint1-4.2.5-30.1.92mdk.i586.rpm
 4e2d702a616369ef122b16a112923c3c  9.2/RPMS/libgimpprint1-devel-4.2.5-30.1.92mdk.i586.rpm
 f9a5f949e4342b550a52112aba77fdde  9.2/RPMS/libijs0-0.34-56.1.92mdk.i586.rpm
 4bf9b3b6b6f210490dd74771f81929e8  9.2/RPMS/libijs0-devel-0.34-56.1.92mdk.i586.rpm
 b8145f433d635d70228438401fba14d2  9.2/RPMS/omni-0.7.2-32.1.92mdk.i586.rpm
 43850e0a55dadfd65ddbfbf3a0234264  9.2/RPMS/printer-filters-1.0-116.1.92mdk.i586.rpm
 c5baf817bd47ba680733f87b546f0b2a  9.2/RPMS/printer-testpages-1.0-116.1.92mdk.i586.rpm
 0e0de87f4facbb33d9716c22f6c53a0e  9.2/RPMS/printer-utils-1.0-116.1.92mdk.i586.rpm
 3ac289d0ad9ccbae59ffbbff1d0ef6d0  9.2/SRPMS/printer-drivers-1.0-116.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 3805d72ab483ca73c17ec668fcfea260  amd64/9.2/RPMS/cups-drivers-1.1-116.1.92mdk.amd64.rpm
 4120e7ae8d18452e0d010d9f6dad68ab  amd64/9.2/RPMS/foomatic-db-3.0-1.20030908.3.1.92mdk.amd64.rpm
 541fb6b621453eb2f2eb4cd3cc66bdb6  amd64/9.2/RPMS/foomatic-db-engine-3.0-1.20030908.3.1.92mdk.amd64.rpm
 120453007ef1d4e2201f47bc9b435b6f  amd64/9.2/RPMS/foomatic-filters-3.0-1.20030908.3.1.92mdk.amd64.rpm
 ba54c898100a7e8f8a648ab6be4dff4a  amd64/9.2/RPMS/ghostscript-7.07-0.12.1.92mdk.amd64.rpm
 0088c1cad9cb1c5a3dcdfec551d1b436  amd64/9.2/RPMS/ghostscript-module-X-7.07-0.12.1.92mdk.amd64.rpm
 ef2d193c0209974f5dc519824d4ce6ef  amd64/9.2/RPMS/gimpprint-4.2.5-30.1.92mdk.amd64.rpm
 7e9d6e3afd9e6f55f518693d00da089a  amd64/9.2/RPMS/lib64gimpprint1-4.2.5-30.1.92mdk.amd64.rpm
 b76c616669975e31b4c207edad6a64e2  amd64/9.2/RPMS/lib64gimpprint1-devel-4.2.5-30.1.92mdk.amd64.rpm
 f117b249358c122cd42c86ea0ba671f6  amd64/9.2/RPMS/lib64ijs0-0.34-56.1.92mdk.amd64.rpm
 9ef6acb512d398a9e68fbc52436206ca  amd64/9.2/RPMS/lib64ijs0-devel-0.34-56.1.92mdk.amd64.rpm
 3cf204dea9e41a3c421e30b632ff620e  amd64/9.2/RPMS/omni-0.7.2-32.1.92mdk.amd64.rpm
 ee634dcbe58b639f6573f4b1f735ef94  amd64/9.2/RPMS/printer-filters-1.0-116.1.92mdk.amd64.rpm
 a8ce95c71a3c7a1588168fe71c72aa3f  amd64/9.2/RPMS/printer-testpages-1.0-116.1.92mdk.amd64.rpm
 1953aeb5c4e92e4e2c991ffabb27bbea  amd64/9.2/RPMS/printer-utils-1.0-116.1.92mdk.amd64.rpm
 3ac289d0ad9ccbae59ffbbff1d0ef6d0  amd64/9.2/SRPMS/printer-drivers-1.0-116.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>