| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Oct 2004 10:30:24 -0700 (PDT) From: please_reply_to_security@....com To: security-announce@...t.sco.com, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service Advisory number: SCOSA-2004.15 Issue date: 2004 October 07 Cross reference: sr891400 fz530153 erg712688 CAN-2004-0558 ______________________________________________________________________________ 1. Problem Description The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service via a certain UDP packet to the IPP port. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0558 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.3up cups distribution UnixWare 7.1.4 cups distribution 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 / UnixWare 7.1.3up 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.15 4.2 Verification MD5 (erg712688.pkg) = b5b4183052dd91adf878bd256a943e51 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712688.pkg to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/erg712688.pkg 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558 http://xforce.iss.net/xforce/xfdb/17389 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr891400 fz530153 erg712688. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments SCO would like to thank Alvaro Martinez Echevarria. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5) iD8DBQFBZdGXaqoBO7ipriERAsiCAJ9kdQB2Jvdh0PYYdoxTbQvqEimDXgCeK6cf r6zSuovmtyzJdJcdqRhpzdQ= =iUVV -----END PGP SIGNATURE-----
Powered by blists - more mailing lists