Category:   Application (Generic)  >   foomatic-filters
Vendors:   linuxprinting.org
(Fedora Issues Fix for FC2) Foomatic Bug in foomatic-rip Filter Lets Remote Users Execute Commands
SecurityTracker Alert ID:  1011401
SecurityTracker URL:  http://securitytracker.com/id/1011401
CVE Reference:   CVE-2004-0801
Date:  Sep 23 2004
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 3.0.2
Description:   A vulnerability was reported in the foomatic-rip filter of Foomatic (part of the foomatic-filters package). A remote or local user can execute commands on the target system.

The vendor reported that a remote or local user with access to CUPS can execute commands on the target system with 'lp' (or similar) user privileges.

Impact:   A remote or local user can execute commands with 'lp' user privileges.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

cab9692a6b2b0161f73b1b9039c6f491 SRPMS/foomatic-3.0.1-3.1.src.rpm
46227411cf108d7436169f198514aca0 x86_64/foomatic-3.0.1-3.1.x86_64.rpm
ea451e8bd0b25fbcd5d22faad369a4fb x86_64/debug/foomatic-debuginfo-3.0.1-3.1.x86_64.rpm
571e627239ed4bb5c53d7298f54a56de i386/foomatic-3.0.1-3.1.i386.rpm
7eac2a20ce6fd91a7be07c9b797d3fc6 i386/debug/foomatic-debuginfo-3.0.1-3.1.i386.rpm

Vendor URL:  www.linuxprinting.org/pipermail/foomatic-devel/2004q3/001996.html
Cause:   Not specified
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC2

Message History:   This archive entry is a follow-up to the message listed below.
Sep 15 2004 Foomatic Bug in foomatic-rip Filter Lets Remote Users Execute Commands



 Source Message Contents

Subject:  [SECURITY] Fedora Core 2 Update: foomatic-3.0.1-3.1



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-303
2004-09-21
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : foomatic
Version     : 3.0.1                      
Release     : 3.1                  
Summary     : Foomatic printer database.
Description :
Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. It contains utilities to
generate driver description files and printer queues for CUPS, LPD,
LPRng, and PDQ using the database. There is also the possibility to
read the PJL options out of PJL-capable laser printers and take them
into account at the driver description file generation.

There are spooler-independent command line interfaces to manipulate
queues (foomatic-configure) and to print files/manipulate jobs
(foomatic printjob).

The site http://www.linuxprinting.org/ is based on this database.

---------------------------------------------------------------------
Update Information:

Sebastian Krahmer reported a bug in the cupsomatic and foomatic-rip print
filters, used by the CUPS print spooler. An attacker who has printing
access could send a carefully named file to the print server causing
arbitrary commands to be executed as root. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0801 to
this issue.

---------------------------------------------------------------------
* Fri Sep 10 2004 Tim Waugh <twaugh@redhat.com> 3.0.1-3.1

- Fix security issue (CAN-2004-0801, bug #130951).  Patch from Till
  Kamppeter.


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

cab9692a6b2b0161f73b1b9039c6f491  SRPMS/foomatic-3.0.1-3.1.src.rpm
46227411cf108d7436169f198514aca0  x86_64/foomatic-3.0.1-3.1.x86_64.rpm
ea451e8bd0b25fbcd5d22faad369a4fb  x86_64/debug/foomatic-debuginfo-3.0.1-3.1.x86_64.rpm
571e627239ed4bb5c53d7298f54a56de  i386/foomatic-3.0.1-3.1.i386.rpm
7eac2a20ce6fd91a7be07c9b797d3fc6  i386/debug/foomatic-debuginfo-3.0.1-3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
