Mandrake alert: Updated printer-drivers packages fix local vulnerabilities

Posted by dave on Jan 21, 2003 10:14 AM EDT
Mailing list
Mail this story
Print this story

Karol Wiesek and iDefense disovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           printer-drivers
Advisory ID:            MDKSA-2003:010
Date:                   January 21st, 2003

Affected versions:      8.0, 8.1, 8.2, 9.0
________________________________________________________________________

Problem Description:

 Karol Wiesek and iDefense disovered three vulnerabilities in the 
 printer-drivers package and tools it installs.  These vulnerabilities 
 allow a local attacker to empty or create any file on the filesystem.
 
 The first vulnerability is in the mtink binary, which has a buffer 
 overflow in its handling of the HOME environment variable.
 
 The second vulnerability is in the escputil binary, which has a buffer 
 overflow in the parsing of the --printer-name command line argument.  
 This is only possible when esputil is suid or sgid; in Mandrake Linux 
 9.0 it was sgid "sys".  Successful exploitation will provide the 
 attacker with the privilege of the group "sys".
 
 The third vulnerability is in the ml85p binary which contains a race 
 condition in the opening of a temporary file.  By default this file is 
 installed suid root so it can be used to gain root privilege.  The only 
 caveat is that this file is not executable by other, only by root or 
 group "sys".  Using either of the two previous vulnerabilities, an 
 attacker can exploit one of them to obtain "sys" privilege" and then 
 use that to exploit this vulnerability to gain root privilege.
 
 MandrakeSoft encourages all users to upgrade immediately.
 
 Aside from the security vulnerabilities, a number of bugfixes are
 included in this update, for Mandrake Linux 9.0 users.  GIMP-Print 
 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic 
 snapshot are included.  For a list of the many bugfixes, please refer 
 to the RPM changelog.
________________________________________________________________________

References:
  
  http://www.idefense.com/advisory/01.21.03a.txt
________________________________________________________________________

Updated Packages:
  
 Mandrake Linux 8.0:
 f73ac236476e42edb47c6de8bddf3bf6  8.0/RPMS/ghostscript-5.50-67.1mdk.i586.rpm
 194d3d3150830529262cd562084b2748  8.0/RPMS/ghostscript-module-SVGALIB-5.50-67.1mdk.i586.rpm
 237a8a46e63c3d364426e24700121f5d  8.0/RPMS/ghostscript-module-X-5.50-67.1mdk.i586.rpm
 46a3685b6b609550996fdfb443f08ee5  8.0/RPMS/ghostscript-utils-5.50-67.1mdk.i586.rpm
 c444a6dc72f986760fc79f04171b4248  8.0/SRPMS/ghostscript-5.50-67.1mdk.src.rpm

 Mandrake Linux 8.1:
 1c099c00b6048a3cb4388a5d14d50e83  8.1/RPMS/cups-drivers-1.1-15.1mdk.i586.rpm
 9f9e63f6d1c3824af50e11c22b92734a  8.1/RPMS/foomatic-1.1-0.20010923.1mdk.i586.rpm
 007184bfd509d6b1af39e52be5388fc5  8.1/RPMS/ghostscript-6.51-24.1mdk.i586.rpm
 034d87218640f50e3a7718018020cb05  8.1/RPMS/ghostscript-module-SVGALIB-6.51-24.1mdk.i586.rpm
 6066643d9abba4c6ac9fdad5b551cb7e  8.1/RPMS/ghostscript-module-X-6.51-24.1mdk.i586.rpm
 c6a17df239c3ddd445ce9f2bc555d4cd  8.1/RPMS/libgimpprint1-4.1.99-16.1mdk.i586.rpm
 f755acbe2e2f3d9e655878128e9093ce  8.1/RPMS/libgimpprint1-devel-4.1.99-16.1mdk.i586.rpm
 2461154aa9964328e581d7a5783bdb30  8.1/RPMS/omni-0.4-11.1mdk.i586.rpm
 9aa152eb8ed7ce8a786314ccf05aa0e7  8.1/RPMS/printer-filters-1.0-15.1mdk.i586.rpm
 5739c7c8a224c195ac2022c67b80b7e2  8.1/RPMS/printer-testpages-1.0-15.1mdk.i586.rpm
 a03fe3c9df2d3bca85fcc7251bdd642e  8.1/RPMS/printer-utils-1.0-15.1mdk.i586.rpm
 ef1b8de6afb6564ded010866e004ed90  8.1/SRPMS/printer-drivers-1.0-15.1mdk.src.rpm

 Mandrake Linux 8.2:
 3e337348a3f33d95c36f038d86eb2fc3  8.2/RPMS/cups-drivers-1.1-48.2mdk.i586.rpm
 a6a6d768dd87e97622b2ed23a9d87b71  8.2/RPMS/foomatic-1.1-0.20020323mdk.i586.rpm
 40671ccb5c3bb2968de5ed0149620b1e  8.2/RPMS/ghostscript-6.53-13.2mdk.i586.rpm
 49a34a44f9f56081691d7aea19227ad9  8.2/RPMS/ghostscript-module-SVGALIB-6.53-13.2mdk.i586.rpm
 06910c0a6486ac8d2bbca180f6788039  8.2/RPMS/ghostscript-module-X-6.53-13.2mdk.i586.rpm
 043cd354df0edbfe9541187d6fe0003f  8.2/RPMS/gimpprint-4.2.1-0.pre5.2mdk.i586.rpm
 7b72e1912f52e299c414c863fd6bac99  8.2/RPMS/libgimpprint1-4.2.1-0.pre5.2mdk.i586.rpm
 ac7867720301cdbe22f78205464625d0  8.2/RPMS/libgimpprint1-devel-4.2.1-0.pre5.2mdk.i586.rpm
 71c1bf91eb6a2c4e67bcc5f2701fa318  8.2/RPMS/omni-0.6.0-2.2mdk.i586.rpm
 30b7a5bf39d72f92f6a705a64616b4a6  8.2/RPMS/printer-filters-1.0-48.2mdk.i586.rpm
 f574df2c4907b44de93371d533a98d3e  8.2/RPMS/printer-testpages-1.0-48.2mdk.i586.rpm
 889b82046f705b8cdb34d8bcc10493ee  8.2/RPMS/printer-utils-1.0-48.2mdk.i586.rpm
 2118f3e17f58f70dc4dc91e9c92b7ab0  8.2/SRPMS/printer-drivers-1.0-48.2mdk.src.rpm

 Mandrake Linux 9.0:
 1a37c30fff3477daa2daf751f0c9bc0a  9.0/RPMS/cups-drivers-1.1-84.2mdk.i586.rpm
 3de7cba3d95989049cb11995de2308c1  9.0/RPMS/foomatic-2.0.2-20021220.2.2mdk.i586.rpm
 b4fc5535711e41e06105982f7bfec62b  9.0/RPMS/ghostscript-7.05-33.2mdk.i586.rpm
 cee4fb4252d7c31e34d21f79de9600f6  9.0/RPMS/ghostscript-module-X-7.05-33.2mdk.i586.rpm
 824251708aed6bf396c6e97563a1ee4b  9.0/RPMS/gimpprint-4.2.5-0.2.2mdk.i586.rpm
 d55709ae91e0c0d9a33d2a3e91e7d4c1  9.0/RPMS/libgimpprint1-4.2.5-0.2.2mdk.i586.rpm
 66ebc0d857ac276224922ff6153992fb  9.0/RPMS/libgimpprint1-devel-4.2.5-0.2.2mdk.i586.rpm
 f0e61a68715e8306f5ab855c361c55fa  9.0/RPMS/libijs0-0.34-24.2mdk.i586.rpm
 7cbe0c624df21e8b72d3adb5b6be6134  9.0/RPMS/libijs0-devel-0.34-24.2mdk.i586.rpm
 8350469b4ad3218180e4b39a4cf74a96  9.0/RPMS/omni-0.7.1-11.2mdk.i586.rpm
 b4c8beac968111896470094968d600c8  9.0/RPMS/printer-filters-1.0-84.2mdk.i586.rpm
 9aa2a1367195f1d632e3bfc8cf4e7af9  9.0/RPMS/printer-testpages-1.0-84.2mdk.i586.rpm
 da4818ea36b2a2d9031ec87529d33f6c  9.0/RPMS/printer-utils-1.0-84.2mdk.i586.rpm
 1760b9879e7614476c4defe2cef601bf  9.0/SRPMS/printer-drivers-1.0-84.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
  
  594 - cupsomatic+ghostscript+hpijs stop working
  641 - foomatic-gswrapper causes printing to fail
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA
BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H
8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K
+jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy
YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j
b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+
AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E
OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ
9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR
xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z
269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN
6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ
jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo
0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ
EJGXlA==
=yGlX
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+LZttmqjQ0CJFipgRAl/TAJ9beeiVE1awGYPAGuueuoIlHeHr/QCZAQEw
N7/VkpZUgbsyxs/d33oDPvY=
=pWx4
-----END PGP SIGNATURE-----

  Nav
» Read more about: Story Type: Security; Groups: Mandriva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.