[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands

To: security-announce@xxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands
From: please_reply_to_security@xxxxxxx
Date: Mon, 7 Feb 2005 19:33:05 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
 SCO Security Advisory
Subject: UnixWare 7.1.4 : vulnerability in foomatic-rip in 
Foomatic before 3.0.2 allows local users or remote attackers with access to 
CUPS to execute arbitrary commands
Advisory number: SCOSA-2005.12
Issue date: 2005 February 07
Cross reference: sr891400 fz530505 erg712704 CAN-2004-0801
______________________________________________________________________________
1. Problem Description
 Unknown vulnerability in foomatic-rip in Foomatic before
 3.0.2 allows local users or remote attackers with access
 to CUPS to execute arbitrary commands 
 The Common Vulnerabilities and Exposures project (cve.mitre.org) 
 has assigned the name CAN-2004-0801 to this issue.
2. Vulnerable Supported Versions
 System Binaries
 ----------------------------------------------------------------------
 UnixWare 7.1.4 /usr/bin/foomatic-gswrapper
 /usr/bin/foomatic-rip
3. Solution
 The proper solution is to install the latest packages.
4. UnixWare 7.1.4
 4.1 Location of Fixed Binaries
 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12
 4.2 Verification
 MD5 (erg712704.pkg) = af69594469448a198e30945ff1b975b3
 md5 is available for download from
 ftp://ftp.sco.com/pub/security/tools
 4.3 Installing Fixed Binaries
 Upgrade the affected binaries with the following sequence:
 Download erg712704.pkg to the /var/spool/pkg directory
 # pkgadd -d /var/spool/pkg/erg712704.pkg
5. References
 Specific references for this advisory:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0801
 http://xforce.iss.net/xforce/xfdb/17388
 SCO security resources:
 http://www.sco.com/support/security/index.html
 SCO security advisories via email
 http://www.sco.com/support/forums/security.html
 This security fix closes SCO incidents sr891400 fz530505
 erg712704.
6. Disclaimer
 SCO is not responsible for the misuse of any of the information
 we provide on this website and/or through our security
 advisories. Our advisories are a service to our customers
 intended to promote secure installation and use of SCO
 products.
7. Acknowledgments
 SCO would like to thank the SuSE Security Team.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)
iD8DBQFCB/J9aqoBO7ipriERAnx3AKCXiXQ6TfOz8fwFieGgPI3Y/mB5uwCgmu08
VWlt2WkYyb5ND83/elgcNcE=
=RKwz
-----END PGP SIGNATURE-----

Prev by Date: RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN)
Next by Date: CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability
Previous by thread: RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN)
Next by thread: CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability
Index(es):
- Date
- Thread