Lucene search
SuseSUSE-SA:2004:031HistorySep 15, 2004 - 2:45 p.m.
remote code execution in cups
2004-09-1514:45:26
lists.opensuse.org
17
0.965 High
EPSS
Percentile
99.5%
The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user ‘lp’.
Solution
If you use CUPS, we recommend an update in any case. Additionally the IPP port (TCP port 631) should be firewalled and the printing ACLs should be set up in a way to reflect the local security policy.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.0 | x86_64 | cups-libs | < 1.1.19-93 | cups-libs-1.1.19-93.x86_64.rpm |
| openSUSE | 8.1 | i586 | cups-libs | < 1.1.15-170 | cups-libs-1.1.15-170.i586.rpm |
| openSUSE | 8.2 | i586 | cups-client | < 1.1.18-96 | cups-client-1.1.18-96.i586.rpm |
| openSUSE | 9.0 | x86_64 | cups-client | < 1.1.19-93 | cups-client-1.1.19-93.x86_64.rpm |
| openSUSE | 8.2 | i586 | cups-libs | < 1.1.18-96 | cups-libs-1.1.18-96.i586.rpm |
| openSUSE | 9.1 | x86_64 | cups-client | < 1.1.20-108.8 | cups-client-1.1.20-108.8.x86_64.rpm |
| openSUSE | 9.1 | i586 | cups-client | < 1.1.20-108.8 | cups-client-1.1.20-108.8.i586.rpm |
| openSUSE | 8.1 | i586 | cups | < 1.1.15-170 | cups-1.1.15-170.i586.rpm |
| openSUSE | 9.1 | i586 | foomatic-filters | < 3.0.1-41.6 | foomatic-filters-3.0.1-41.6.i586.rpm |
| openSUSE | 9.0 | x86_64 | foomatic-filters | < 3.0.0-100 | foomatic-filters-3.0.0-100.x86_64.rpm |
Related
openvas
openvas
SLES9: Security update for Mozilla
2009-10-10 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
Slackware Advisory SSA:2004-223-01 Mozilla
2012-09-11 00:00:00
nessus
nessus
RHEL 2.1 / 3 : mozilla (RHSA-2004:421)
2004-08-05 00:00:00
Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)
2005-07-13 00:00:00
Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)
2004-08-22 00:00:00
redhat
redhat
(RHSA-2004:421) mozilla security update
2004-08-04 00:00:00
(RHSA-2004:449) cups security update
2004-09-15 00:00:00
(RHSA-2004:480) ImageMagick security update
2004-10-20 00:00:00
suse
suse
remote DoS condition in apache2
2004-09-06 13:51:41
remote file disclosure in samba
2004-10-05 14:57:32
various vulnerabilities in mozilla
2004-10-06 13:11:21
slackware
slackware
[slackware-security] Mozilla
2004-08-10 21:17:12
[slackware-security] CUPS DoS
2004-09-22 20:38:36
securityvulns
securityvulns
[ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities
2004-08-25 00:00:00
MDKSA-2004:097 - Updated cups packages fix DoS vulnerability
2004-09-16 00:00:00
gentoo
gentoo
Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
2004-08-23 00:00:00
CUPS: Denial of service vulnerability
2004-09-20 00:00:00
mpg123: Buffer overflow vulnerability
2004-09-16 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
freebsd
freebsd
cups -- print queue browser denial-of-service
2004-08-23 00:00:00
mozilla -- automated file upload
2004-04-28 00:00:00
mozilla -- POP client heap overflow
2004-07-22 00:00:00
osv
osv
cupsys - denial of service
2004-09-15 00:00:00
imagemagick - buffer overflows
2004-09-16 00:00:00
mozilla-firefox - frame injection spoofing
2005-08-15 00:00:00
cve
cve
debian
debian
[SECURITY] [DSA 545-1] New cupsys packages fix denial of service
2004-09-15 16:55:55
[SECURITY] [DSA 564-1] New mpg123 packages fix arbitrary code exceution
2004-10-13 13:00:34
[SECURITY] [DSA 547-1] New Imagemagic packages fix buffer overflows
2004-09-16 10:10:31
cert
cert
Mozilla contains a buffer overflow in the SendUidl() function
2004-08-20 00:00:00
Mozilla status elements can be disabled via JavaScript
2004-12-17 00:00:00
Mozilla fails to validate the DN of X.509 certificates
2004-08-23 00:00:00
ubuntu
ubuntu
imagemagick vulnerabilities
2004-12-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla SOAPParameter Integer Overflow (CVE-2004-0722)
2010-03-15 00:00:00
Mozilla Firefox onunload SSL Certificate Spoofing (CVE-2004-0763)
2009-11-19 00:00:00
libpng Transparency Chunk Length Buffer Overflow (CVE-2004-0597)
2010-02-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-07-26 12:55:09
coresecurity
coresecurity
MSN Messenger PNG Image Parsing Vulnerability
2005-02-08 00:00:00