漏洞信息详情
CUPS图象过滤器GIF零宽度内存破坏漏洞
- CNNVD编号:CNNVD-200212-067
- 危害等级: 高危
- CVE编号: CVE-2002-1371
- 漏洞类型: 边界条件错误
- 发布时间: 2002-12-26
- 威胁类型: 远程
- 更新时间: 2006-01-18
- 厂 商: easy_software_products
- 漏洞来源: iDEFENSE Labs※ lab...
漏洞简介
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Common Unix Printing System(CUPS)是美国苹果(CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple)公司的一套开源的用于OS X和类Unix系统的打印系统。该系统基于Internet打印协议(IPP),提供大多数PostScript和raster打印机服务。 CUPS图象过滤器不正确处理宽度为零值的GIF文件,远程攻击者可以利用这个漏洞进行对CUPS进行拒绝服务攻击,可能以CUPS进程权限在系统上执行任意指令。 在filters/image-gif.c图象过滤器代码中不正确检查图象宽度为零的GIF文件: bpp = ImageGetDepth(img); pixels = calloc(bpp, img->xsize); ... xpos ++; temp += bpp; if (xpos == img->xsize) { ImagePutRow(img, 0, ypos, img->xsize, pixels); ... 如果攻击者发送特殊构建的GIF文件,可能破坏内存结构,以CUPS进程权限在系统上执行任意指令。 Red Hat Linux和CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOS X系统默认不安装CUPS系统。
漏洞公告
厂商补丁: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOS X 10.2.3和MacOS X Server 10.2.3不受此漏洞影响。
升级程序:
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOS X 10.2 (Jaguar):
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Upgrade MacOSXUpdateCombo10.2.3.dmg
http://www.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kbnum/n120164
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOS X 10.2.2:
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Upgrade MacOSXUpdate10.2.3.dmg
http://www.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kbnum/n120165 Easy Software Products ---------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Easy Software Products Upgrade CUPS 1.1.18
http://www.cups.org/software.HTML
参考网址
来源: XF 名称: cups-zero-width-images(10911) 链接:http://xforce.iss.net/xforce/xfdb/10911 来源: www.idefense.com 链接:http://www.idefense.com/advisory/12.19.02.txt 来源: www.idefense.com 链接:http://www.idefense.com/advisory/12.19.02.txt 来源: BID 名称: 6439 链接:http://www.securityfocus.com/bid/6439 来源: REDHAT 名称: RHSA-2002:295 链接:http://www.redhat.com/support/errata/RHSA-2002-295.HTML 来源: SUSE 名称: SuSE-SA:2003:002 链接:http://www.novell.com/linux/security/advisories/2003_002_cups.HTML 来源: MANDRAKE 名称: MDKSA-2003:001 链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 来源: DEBIAN 名称: DSA-232 链接:http://www.debian.org/security/2003/dsa-232 来源: BUGTRAQ 名称: 20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2 来源: CONECTIVA 名称: CLSA-2003:702 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 来源: VULNWATCH 名称: 20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) 链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.HTML
受影响实体
- Easy_software_products Cups:1.1.17
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论