[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200307041745.OAA18309@frajuto.distro.conectiva>
Date: Fri, 4 Jul 2003 14:45:20 -0300
From: Conectiva Updates <secure@...ectiva.com.br>
To: conectiva-updates@...aleguas.conectiva.com.br, lwn@....net,
bugtraq@...urityfocus.com, security-alerts@...uxsecurity.com,
linsec@...ts.seifried.org
Subject: [CLA-2003:675] Conectiva Security Announcement - ml85p
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : ml85p
SUMMARY : Insecure temporary file creation
DATE : 2003-07-04 14:43:00
ID : CLA-2003:675
RELEVANT
RELEASES : 7.0, 8
- -------------------------------------------------------------------------
DESCRIPTION
ml85p[1] is a printer driver for the Samsung ML-85G and QL85G printer
models.
iDEFENSE published[2] the following vulnerabilities in some printer
related packages, including ml85p:
- mtink: this package is not distributed with Conectiva Linux;
- escputil: the escputil program has a buffer overflow vulnerability
in the way it deals with a printer name. Long enough names can be
used to execute arbitrary code or crash the program. In Conectiva
Linux, escputil is NOT a SGID program, so it is not possible to
obtain higher privileges by exploiting this problem, but we are
nevertheless including a fix with this update.
- ml85p: this is a SUID root program and it creates temporary files
in an insecure way, which makes it vulnerable to a race condition
exploit. A local attacker could easily guess the name of this file
and create a symbolic link to anywhere on the system. If the target
exists, it will be overwritten; otherwise, it will be created with
0666 permissions (world writable).
There is, however, a condition for this to work: the attacker must be
able to execute ml85p. By default, it is only executable by root or
members of the "sys" group.
SOLUTION
It is recommended that all ml85p and escputil users upgrade their
packages.
The ml85p package does not exist in Conectiva Linux 7: only the
package corresponding to the escputil tool is being upgraded in that
version of the distribution.
Due to dependencies in the printer system, several other gimp-print
packages in Conectiva Linux 8 have to be updated as well, even though
they are not directly related to these vulnerabilities.
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/cups-drivers-1.0-3U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-drivers-1.0-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/ml85p-0.1.0-3U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/gimp-print-4.2.0-12U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ml85p-0.1.0-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/escputil-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-da-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-en_GB-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-fr-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-no-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-pl-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-sv-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-devel-ghostscript-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-doc-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-foomatic-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-devel-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-devel-static-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/task-gimp-print-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/task-gimp-print-cups-4.2.0-12U80_1cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@...aleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@...aleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/Bb0v42jd0JmAcZARAiLeAKCthNdeQsX3wavHGRTlW18gcHfIKACgx8o1
KGV7YsGfcmctCofSgfNNllQ=
=GFU6
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists