漏洞信息详情
CUPS文件描述符泄露远程拒绝服务攻击漏洞
- CNNVD编号:CNNVD-200212-066
- 危害等级: 低危
- CVE编号: CVE-2002-1372
- 漏洞类型: 访问验证错误
- 发布时间: 2002-12-26
- 威胁类型: 远程
- 更新时间: 2006-01-18
- 厂 商: easy_software_products
- 漏洞来源: iDEFENSE Labs※ lab...
漏洞简介
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Common Unix Printing System(CUPS)是美国苹果(CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple)公司的一套开源的用于OS X和类Unix系统的打印系统。该系统基于Internet打印协议(IPP),提供大多数PostScript和raster打印机服务。 CUPS在部分环境下会泄露文件描述符信息,远程攻击者可以利用这个漏洞进行对CUPS进行拒绝服务攻击。 在返回多个文件和套接口操作时没有正确检查返回值,可导致文件描述符信息泄露,攻击者可以通过重用cuPSD打印服务使用的文件描述符而触发拒绝服务。
漏洞公告
厂商补丁: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOS X 10.2.3和MacOS X Server 10.2.3不受此漏洞影响。
升级程序:
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOS X 10.2 (Jaguar):
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Upgrade MacOSXUpdateCombo10.2.3.dmg
http://www.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kbnum/n120164
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOS X 10.2.2:
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Upgrade MacOSXUpdate10.2.3.dmg
http://www.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kbnum/n120165 Easy Software Products ---------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Easy Software Products Upgrade CUPS 1.1.18
http://www.cups.org/software.HTML
参考网址
来源: XF 名称: cups-file-descriptor-dos(10912) 链接:http://xforce.iss.net/xforce/xfdb/10912 来源: www.idefense.com 链接:http://www.idefense.com/advisory/12.19.02.txt 来源: www.idefense.com 链接:http://www.idefense.com/advisory/12.19.02.txt 来源: BID 名称: 6440 链接:http://www.securityfocus.com/bid/6440 来源: REDHAT 名称: RHSA-2002:295 链接:http://www.redhat.com/support/errata/RHSA-2002-295.HTML 来源: SUSE 名称: SuSE-SA:2003:002 链接:http://www.novell.com/linux/security/advisories/2003_002_cups.HTML 来源: MANDRAKE 名称: MDKSA-2003:001 链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 来源: DEBIAN 名称: DSA-232 链接:http://www.debian.org/security/2003/dsa-232 来源: BUGTRAQ 名称: 20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2 来源: CONECTIVA 名称: CLSA-2003:702 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 来源: VULNWATCH 名称: 20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) 链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.HTML
受影响实体
- Easy_software_products Cups:1.0.4_8
- Easy_software_products Cups:1.1.13
- Easy_software_products Cups:1.1.14
- Easy_software_products Cups:1.1.17
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论