[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041012173024.1371C67A63@helix.pdev.ca.sco.com>
Date: Tue, 12 Oct 2004 10:30:24 -0700 (PDT)
From: please_reply_to_security@....com
To: security-announce@...t.sco.com, bugtraq@...urityfocus.com,
full-disclosure@...ts.netsys.com
Subject: UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service
Advisory number: SCOSA-2004.15
Issue date: 2004 October 07
Cross reference: sr891400 fz530153 erg712688 CAN-2004-0558
______________________________________________________________________________
1. Problem Description
The Internet Printing Protocol (IPP) implementation in
CUPS before 1.1.21 allows remote attackers to cause a
denial of service via a certain UDP packet to the IPP port.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the following name
CAN-2004-0558 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3up cups distribution
UnixWare 7.1.4 cups distribution
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4 / UnixWare 7.1.3up
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.15
4.2 Verification
MD5 (erg712688.pkg) = b5b4183052dd91adf878bd256a943e51
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712688.pkg to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/erg712688.pkg
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
http://xforce.iss.net/xforce/xfdb/17389
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr891400 fz530153
erg712688.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank Alvaro Martinez Echevarria.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
iD8DBQFBZdGXaqoBO7ipriERAsiCAJ9kdQB2Jvdh0PYYdoxTbQvqEimDXgCeK6cf
r6zSuovmtyzJdJcdqRhpzdQ=
=iUVV
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists