Mandrake alert: Updated printer-drivers packages fix local vulnerabilities

Posted by dave on Jan 21, 2003 3:21 PM EDT

Karol Wiesek and iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           printer-drivers
Advisory ID:            MDKSA-2003:010-1
Date:                   January 21st, 2003
Original Advisory Date: January 21st, 2003
Affected versions:
________________________________________________________________________

Problem Description:

 Karol Wiesek and iDefense discovered three vulnerabilities in the 
 printer-drivers package and tools it installs.  These vulnerabilities 
 allow a local attacker to empty or create any file on the filesystem.
 
 The first vulnerability is in the mtink binary, which has a buffer 
 overflow in its handling of the HOME environment variable.
 
 The second vulnerability is in the escputil binary, which has a buffer 
 overflow in the parsing of the --printer-name command line argument.  
 This is only possible when escputil is suid or sgid; in Mandrake Linux 
 9.0 it was sgid "sys".  Successful exploitation will provide the 
 attacker with the privilege of the group "sys".
 
 The third vulnerability is in the ml85p binary which contains a race 
 condition in the opening of a temporary file.  By default this file is 
 installed suid root so it can be used to gain root privilege.  The only 
 caveat is that this file is not executable by other, only by root or 
 group "sys".  Using either of the two previous vulnerabilities, an 
 attacker can obtain "sys" privilege and then use that to exploit this 
 vulnerability to gain root privilege.
 
 MandrakeSoft encourages all users to upgrade immediately.
 
 Aside from the security vulnerabilities, a number of bugfixes are
 included in this update, for Mandrake Linux 9.0 users.  GIMP-Print 
 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic 
 snapshot are included.  For a list of the many bugfixes, please refer 
 to the RPM changelog.
  
Update:

 Packages are now available for 8.1/IA64 and 8.2/PPC.
________________________________________________________________________

References:
  
  http://www.idefense.com/advisory/01.21.03a.txt
________________________________________________________________________

Updated Packages:
  
 Mandrake Linux 8.1/IA64:
 44b54c21acbac37b2e5d1da1b2c2b2e8  ia64/8.1/RPMS/cups-drivers-1.1-15.1mdk.ia64.rpm
 8db22a16abccf307a3d731649b0102d1  ia64/8.1/RPMS/foomatic-1.1-0.20010923.1mdk.ia64.rpm
 929ecd1433bb5b2a43e9ff0a66511844  ia64/8.1/RPMS/ghostscript-6.51-24.1mdk.ia64.rpm
 9eb840200bf4791d0ab4f6c24a97c0b7  ia64/8.1/RPMS/ghostscript-module-X-6.51-24.1mdk.ia64.rpm
 0ce228df9d29b5c83a111c70f7a5749e  ia64/8.1/RPMS/gimpprint-4.1.99-16.1mdk.ia64.rpm
 c7e289c94341fabed4a959ababf67c50  ia64/8.1/RPMS/libgimpprint1-4.1.99-16.1mdk.ia64.rpm
 2911884f58f80c1fc9256910f6f0c405  ia64/8.1/RPMS/libgimpprint1-devel-4.1.99-16.1mdk.ia64.rpm
 6908e6267b212b8f9e7472d208ffa8d4  ia64/8.1/RPMS/omni-0.4-11.1mdk.ia64.rpm
 044f93e42b72a54ea22ffe2860a9b9c2  ia64/8.1/RPMS/printer-filters-1.0-15.1mdk.ia64.rpm
 6c07bae5bc733f6af65ba07fea404c5b  ia64/8.1/RPMS/printer-testpages-1.0-15.1mdk.ia64.rpm
 dde725b757d560198884d8475ab3d790  ia64/8.1/RPMS/printer-utils-1.0-15.1mdk.ia64.rpm
 34a738aaaa143ba707bbab98b382f1de  ia64/8.1/SRPMS/printer-drivers-1.0-15.1mdk.src.rpm

 Mandrake Linux 8.2/PPC:
 44be94916206a8654ec221f88b00d7cd  ppc/8.2/RPMS/cups-drivers-1.1-48.2mdk.ppc.rpm
 e675ec1f149008fbad95f58b3d2c1e1e  ppc/8.2/RPMS/foomatic-1.1-0.20020323mdk.ppc.rpm
 845135b798e7f8615f27ca1c0b06cb97  ppc/8.2/RPMS/ghostscript-6.53-13.2mdk.ppc.rpm
 cdc8974e24bc569cc9350e7d04c96a37  ppc/8.2/RPMS/ghostscript-module-X-6.53-13.2mdk.ppc.rpm
 f2b32d66a1322dde8dcc2e12938acf73  ppc/8.2/RPMS/gimpprint-4.2.1-0.pre5.2mdk.ppc.rpm
 cb2df5391c821378538bed866c1837d3  ppc/8.2/RPMS/libgimpprint1-4.2.1-0.pre5.2mdk.ppc.rpm
 3ad48f824b2c61bf2bba3e5f5a050b1d  ppc/8.2/RPMS/libgimpprint1-devel-4.2.1-0.pre5.2mdk.ppc.rpm
 18e6c302965cb9a39a12b0fb412af1fe  ppc/8.2/RPMS/omni-0.6.0-2.2mdk.ppc.rpm
 3f98fbfd4c3bf4302cf6b6a754bcdab3  ppc/8.2/RPMS/printer-filters-1.0-48.2mdk.ppc.rpm
 89ad60d1446fadc9d144487e26607f93  ppc/8.2/RPMS/printer-testpages-1.0-48.2mdk.ppc.rpm
 2de8e1bbbc33b87910c9584a3e024832  ppc/8.2/RPMS/printer-utils-1.0-48.2mdk.ppc.rpm
 2118f3e17f58f70dc4dc91e9c92b7ab0  ppc/8.2/SRPMS/printer-drivers-1.0-48.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
  
  594 - cupsomatic+ghostscript+hpijs stop working
  641 - foomatic-gswrapper causes printing to fail
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+LeNjmqjQ0CJFipgRAlX0AKDfX7Pn2tfliJnGvDAlFQXRhCiqzgCguHJ6
m60Tg2F9BFMkCoW/5roUQ5o=
=qael
-----END PGP SIGNATURE-----
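
The advisory names a race in the opening of a temporary file but shows no code, so the following is an added illustration of that bug class and its fix, not code from ml85p, the printer-drivers package or MandrakeSoft. It assumes the common form of the flaw (a predictable temp path opened without exclusive creation); the function names and the `victim` / `job.tmp` files are hypothetical and live in a private scratch directory.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* mkdtemp(), O_NOFOLLOW under strict compiler modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: a predictable name opened with O_CREAT|O_TRUNC follows
 * whatever link is already at that path and truncates its target. */
static int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes creation atomic and fails with EEXIST if anything,
 * including a symlink, already exists there; O_NOFOLLOW is defence in depth. */
static int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: "victim" stands in for a file the privileged program
 * can write; "job.tmp" is the predictable temp name, already a symlink to it.
 * Returns the victim's size after the chosen open, or -2 on setup failure. */
static long victim_size_after(int use_safe) {
    char dir[] = "/tmp/tmprace.XXXXXX", victim[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/job.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -2;
    fputs("important", f); /* 9 bytes of content that should survive */
    fclose(f);
    if (symlink(victim, tmp) != 0) return -2;
    int fd = use_safe ? open_tmp_safe(tmp) : open_tmp_unsafe(tmp);
    if (fd >= 0) close(fd);
    long sz = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(victim); rmdir(dir);
    return sz;
}

int main(void) {
    printf("unsafe open: victim is %ld bytes\n", victim_size_after(0));
    printf("safe open:   victim is %ld bytes\n", victim_size_after(1));
    return 0;
}
```

In a suid program the same weak open runs with the file owner's privilege, which is why the advisory rates the result as emptying or creating any file; `mkstemp()` gives the exclusive-create behaviour together with an unpredictable name.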
