Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
cups
(Unknown)
Описание
Ошибка переполнения на один байт в функции ippReadIO в cups/ipp.c в CUPS позволяет злоумышленникам, действующим удаленно, вызвать отказ в обслуживании (аварийное завершение), используя специально сформированные тэги textWithLanguage или nameWithLanguage протокола Internet Printing Protocol (IPP), которые приводят к переполнению буфера в стеке.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.cups.org/
http://www.cups.org/
Ссылки
CERT (TA07-352A): http://www.us-cert.gov/cas/techalerts/TA07-352A.html
CERT-VN (VU#446897): http://www.kb.cert.org/vuls/id/446897
FEDORA (FEDORA-2007-2715): https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00012.html
CONFIRM (https://issues.rpath.com/browse/RPL-1875): https://issues.rpath.com/browse/RPL-1875
CONFIRM (https://bugzilla.redhat.com/show_bug.cgi?id=361661): https://bugzilla.redhat.com/show_bug.cgi?id=361661
XF (cups-ippreadio-bo(38190)): http://xforce.iss.net/xforce/xfdb/38190
UBUNTU (USN-539-1): http://www.ubuntulinux.org/support/documentation/usn/usn-539-1
SECTRACK (1018879): http://www.securitytracker.com/id?1018879
BID (26268): http://www.securityfocus.com/bid/26268
REDHAT (RHSA-2007:1023): http://www.redhat.com/support/errata/RHSA-2007-1023.html
REDHAT (RHSA-2007:1022): http://www.redhat.com/support/errata/RHSA-2007-1022.html
REDHAT (RHSA-2007:1020): http://www.redhat.com/support/errata/RHSA-2007-1020.html
SUSE (SUSE-SA:2007:058): http://www.novell.com/linux/security/advisories/2007_58_cups.html
MANDRIVA (MDKSA-2007:204): http://www.mandriva.com/security/advisories?name=MDKSA-2007:204
VUPEN (ADV-2008-1934): http://www.frsirt.com/english/advisories/2008/1934/references
VUPEN (ADV-2007-4238): http://www.frsirt.com/english/advisories/2007/4238
VUPEN (ADV-2007-3681): http://www.frsirt.com/english/advisories/2007/3681
DEBIAN (DSA-1407): http://www.debian.org/security/2007/dsa-1407
CONFIRM (http://www.cups.org/str.php?L2561): http://www.cups.org/str.php?L2561
CISCO (20080625 Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability): http://www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm): http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm
SLACKWARE (SSA:2007-305-01): http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.501902
GENTOO (GLSA-200711-16): http://security.gentoo.org/glsa/glsa-200711-16.xml
MISC (APPLE (APPLE-SA-2007-12-17): http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
CONFIRM (http://docs.info.apple.com/article.html?artnum=307179): http://docs.info.apple.com/article.html?artnum=307179
CERT-VN (VU#446897): http://www.kb.cert.org/vuls/id/446897
FEDORA (FEDORA-2007-2715): https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00012.html
CONFIRM (https://issues.rpath.com/browse/RPL-1875): https://issues.rpath.com/browse/RPL-1875
CONFIRM (https://bugzilla.redhat.com/show_bug.cgi?id=361661): https://bugzilla.redhat.com/show_bug.cgi?id=361661
XF (cups-ippreadio-bo(38190)): http://xforce.iss.net/xforce/xfdb/38190
UBUNTU (USN-539-1): http://www.ubuntulinux.org/support/documentation/usn/usn-539-1
SECTRACK (1018879): http://www.securitytracker.com/id?1018879
BID (26268): http://www.securityfocus.com/bid/26268
REDHAT (RHSA-2007:1023): http://www.redhat.com/support/errata/RHSA-2007-1023.html
REDHAT (RHSA-2007:1022): http://www.redhat.com/support/errata/RHSA-2007-1022.html
REDHAT (RHSA-2007:1020): http://www.redhat.com/support/errata/RHSA-2007-1020.html
SUSE (SUSE-SA:2007:058): http://www.novell.com/linux/security/advisories/2007_58_cups.html
MANDRIVA (MDKSA-2007:204): http://www.mandriva.com/security/advisories?name=MDKSA-2007:204
VUPEN (ADV-2008-1934): http://www.frsirt.com/english/advisories/2008/1934/references
VUPEN (ADV-2007-4238): http://www.frsirt.com/english/advisories/2007/4238
VUPEN (ADV-2007-3681): http://www.frsirt.com/english/advisories/2007/3681
DEBIAN (DSA-1407): http://www.debian.org/security/2007/dsa-1407
CONFIRM (http://www.cups.org/str.php?L2561): http://www.cups.org/str.php?L2561
CISCO (20080625 Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability): http://www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm): http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm
SLACKWARE (SSA:2007-305-01): http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.501902
GENTOO (GLSA-200711-16): http://security.gentoo.org/glsa/glsa-200711-16.xml
MISC (APPLE (APPLE-SA-2007-12-17): http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
CONFIRM (http://docs.info.apple.com/article.html?artnum=307179): http://docs.info.apple.com/article.html?artnum=307179