Note: This is an archival copy of Security Sun Alert 201005 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000757.1.
Article ID : 1000757.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities in Common Unix Printing System (CUPS) May Allow a Remote Unprivileged User to Execute Arbitrary Code

Category
Security

Release Phase
Resolved

Bug Id
5102516

Date of Resolved Release
07-OCT-2004

Impact

Due to improper command line and environment variable validation, a remote or local unprivileged user may be able to execute arbitrary commands with the privileges of the CUPS daemon (cupsd(8)), which is typically the unprivileged "lp" user. Furthermore, a remote Denial of Service (DoS) condition within CUPS may allow remote unprivileged users to cause the CUPS server to become unresponsive.

Note: The Common Unix Printing System (CUPS) is a cross-platform printing solution for all UNIX environments. It is based on the Internet Printing Protocol (IPP) and provides complete printing services to most PostScript and raster printers.

These issues are described in the following documents:


Contributing Factors

These issues can occur in the following releases:

Linux

  • Sun Java Desktop System (JDS) 2003 without the updated RPMs (patch-9321)
  • Sun Java Desktop System (JDS) Release 2 without the updated RPMs (patch-9321)

Note: JDS for Solaris is not impacted by these issues.

These issues only occur with CUPS versions cups-libs-1.1.15-150 or earlier.

To determine the release of JDS for Linux installed on a system, the following command can be run: 

    % cat /etc/sun-release
Sun Java Desktop System, Release 2 -build 10b (GA)
Assembled 30 March 2004

To determine the version of CUPS, the following command can be run: 

    % rpm -qf /usr/lib/libcups.so.2
cups-libs-1.1.15-1

Symptoms

There are no reliable symptoms that would show the buffer overflow issue described has been exploited. The CUPS daemon cupsd(8) will become unresponsive when the Denial of Service (DoS) attack has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

These issues are addressed in the following releases:

Linux

  • Sun Java Desktop System (JDS) 2003 with the updated RPMs (patch-9321)
  • Sun Java Desktop System (JDS) Release 2 with the updated RPMs (patch-9321)

To download and install the updated RPMs from the update servers select the following from the launch bar: 

    Launch >> Applications >> System Tools >> Online Update

For more information on obtaining updates see:



Modification History

Product
Sun Java Desktop System Release 2

Sun Java Desktop System 2003








































Attachments
This solution has no attachment