Note: This is an archival copy of Security Sun Alert 201005 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000757.1.
Date of Resolved Release
Due to improper command line and environment variable validation, a remote or local unprivileged user may be able to execute arbitrary commands with the privileges of the CUPS daemon (cupsd(8)), which is typically the unprivileged "lp" user. Furthermore, a remote Denial of Service (DoS) condition within CUPS may allow remote unprivileged users to cause the CUPS server to become unresponsive.
Note: The Common Unix Printing System (CUPS) is a cross-platform printing solution for all UNIX environments. It is based on the Internet Printing Protocol (IPP) and provides complete printing services to most PostScript and raster printers.
These issues are described in the following documents:
These issues can occur in the following releases:
Note: JDS for Solaris is not impacted by these issues.
These issues only occur with CUPS versions cups-libs-1.1.15-150 or earlier.
To determine the release of JDS for Linux installed on a system, the following command can be run:
% cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004
To determine the version of CUPS, the following command can be run:
% rpm -qf /usr/lib/libcups.so.2 cups-libs-1.1.15-1
There are no reliable symptoms that would show the buffer overflow issue described has been exploited. The CUPS daemon cupsd(8) will become unresponsive when the Denial of Service (DoS) attack has been exploited.
There is no workaround. Please see the "Resolution" section below.
These issues are addressed in the following releases:
To download and install the updated RPMs from the update servers select the following from the launch bar:
Launch >> Applications >> System Tools >> Online Update
For more information on obtaining updates see:
Sun Java Desktop System Release 2
Sun Java Desktop System 2003
This solution has no attachment