漏洞信息详情

LinuxPrinting.org Foomatic-Filter命令执行漏洞

• CNNVD编号：CNNVD-200409-039
• 危害等级： 中危
  
• CVE编号： CVE-2004-0801
• 漏洞类型： 输入验证
• 发布时间： 2004-09-16
• 威胁类型： 远程
• 更新时间： 2010-02-24
• 厂        商： trustix
• 漏洞来源： Discovery of this ...

漏洞简介

Foomatic 3.0.2之前版本中的foomatic-rip存在未知漏洞。本地用户或远程攻击者可以利用该漏洞通过访问CUPS来执行任意命令。

漏洞公告

Please see the referenced vendor advisories for information on obtaining and applying fixes. Sun Java Desktop System (JDS) 2003

• Sun patch-9321

Sun Java Desktop System (JDS) 2.0

• Sun patch-9321

LinuxPrinting.org Foomatic-Filters 3.0

• Conectiva foomatic-filters-3.0-27082U90_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/foomatic-filters-3.0-27082U 90_1cl.i386.rpm
• Conectiva foomatic-filters-cupsomatic-20020309-28777U90_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/foomatic-filters-cupsomatic -20020309-28777U90_1cl.i386.rpm
• RedHat foomatic-3.0.0-21.5.legacy.i386.rpmRedHat Fedora Core 1 http://download.fedoralegacy.org/fedora/1/updates/i386/foomatic-3.0.0- 21.5.legacy.i386.rpm
• SuSE foomatic-filters-3.0.0-100.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/foomatic-filters- 3.0.0-100.i586.patch.rpm
• SuSE foomatic-filters-3.0.0-100.x86_64.patch.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/foomatic-filt ers-3.0.0-100.x86_64.patch.rpm
• SuSE foomatic-filters-3.0.0-100.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/foomatic-filters- 3.0.0-100.i586.rpm
• SuSE foomatic-filters-3.0.0-100.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/foomatic-filt ers-3.0.0-100.x86_64.rpm

LinuxPrinting.org Foomatic-Filters 3.0.1

• Conectiva foomatic-filters-3.0.1-54575U10_1cl.noarch.rpm ftp://atualizacoes.conectiva.com.br/10/RPMS/foomatic-filters-3.0.1-545 75U10_1cl.noarch.rpm
• Fedora foomatic-3.0.1-3.1.i386.rpmRedHat Fedora Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
• Fedora foomatic-3.0.1-3.1.x86_64.rpmRedHat Fedora Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
• Fedora foomatic-debuginfo-3.0.1-3.1.i386.rpmRedHat Fedora Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
• Fedora foomatic-debuginfo-3.0.1-3.1.x86_64.rpmRedHat Fedora Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
• Mandrake cups-drivers-1.1-116.1.92mdk.amd64.rpmMandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake cups-drivers-1.1-116.1.92mdk.i586.rpmMandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php
• Mandrake cups-drivers-1.1-138.2.100mdk.amd64.rpmMandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake cups-drivers-1.1-138.2.100mdk.i586.rpmMandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-db-3.0-1.20030908.3.1.92mdk.amd64.rpmMandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-db-3.0-1.20030908.3.1.92mdk.i586.rpmMandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-db-3.0.1-0.20040828.1.1.100mdk.amd64.rpmMandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-db-3.0.1-0.20040828.1.1.100mdk.i586.rpmMandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-db-engine-3.0-1.20030908.3.1.92mdk.amd64.rpmMandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-db-engine-3.0-1.20030908.3.1.92mdk.i586.rpmMandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-db-engine-3.0.1-0.20040828.1.1.100mdk.amd64.rpmMandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-db-engine-3.0.1-0.20040828.1.1.100mdk.i586.rpmMandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-filters-3.0-1.20030908.3.1.92mdk.amd64.rpmMandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-filters-3.0-1.20030908.3.1.92mdk.i586.rpmMandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-filters-3.0.1-0.20040828.1.1.100mdk.amd64.rpmMandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake foomatic-filters-3.0.1-0.20040828.1.1.100mdk.i586.rpmMandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php
• Mandrake ghostscript-7.07-0.12.1.92mdk.amd64.rpmMandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake ghostscript-7.07-0.12.1.92mdk.i586.rpmMandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php
• Mandrake ghostscript-7.07-19.2.100mdk.amd64.rpmMandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php
• Mandrake ghostscript-7.07-19.2.100mdk.i586.rpmMandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php
• Mandrake ghostscript-module-X-7.07-0.12.1.92mdk.amd64.rpmMandrake Linux 9.2/AMD64

  参考网址

  来源: XF 名称: foomatic-command-execution(17388) 链接:http://xforce.iss.net/xforce/xfdb/17388 来源: TRUSTIX 名称: 2004-0047 链接:http://www.trustix.net/errata/2004/0047/ 来源: SUSE 名称: SUSE-SA:2004:031 链接:http://www.novell.com/linux/security/advisories/2004_31_cups.HTML 来源: SECUNIA 名称: 12557 链接:http://secunia.com/advisories/12557/ 来源: SCO 名称: SCOSA-2005.12 链接:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt 来源: SUNALERT 名称: 1000757 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1 来源: SUNALERT 名称: 201005 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1 来源: CONECTIVA 名称: CLA-2004:880 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000880 来源: BID 名称: 11184 链接:http://www.securityfocus.com/bid/11184 来源: SECUNIA 名称: 20312 链接:http://secunia.com/advisories/20312 来源: SUSE 名称: SUSE-SA:2006:026 链接:http://lists.suse.com/archive/suse-security-announce/2006-May/0007.HTML

受影响实体

• Trustix Secure_linux:2.1  

补丁

暂无