French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes CUPS Memory Corruption Vulnerability

Title : Mandriva Security Update Fixes CUPS Memory Corruption Vulnerability
Advisory ID : FrSIRT/ADV-2007-3687
CVE ID : CVE-2007-4351
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-02

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
e23b399fd831bdd8c603c9e3b4c48ffc 2007.0/i586/cups-1.2.4-1.4mdv2007.0.i586.rpm
7c4e0384b1a191627b7f8e9a4ae9d4a6 2007.0/i586/cups-common-1.2.4-1.4mdv2007.0.i586.rpm
ce4b32b8af4fd0977deaafc74441c014 2007.0/i586/cups-serial-1.2.4-1.4mdv2007.0.i586.rpm
d06368c9caa68f936a5e6dda6e7fb5c6 2007.0/i586/libcups2-1.2.4-1.4mdv2007.0.i586.rpm
a244f21ce09342e9c315a344cf596d85 2007.0/i586/libcups2-devel-1.2.4-1.4mdv2007.0.i586.rpm
dc41bf3eb0d83fd03fcc34f289f8eb6c 2007.0/i586/php-cups-1.2.4-1.4mdv2007.0.i586.rpm
3b2e000cc3b936c3a8b7094f31a09397 2007.0/SRPMS/cups-1.2.4-1.4mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
a6628ec9ac0cbe200e088eda57a9c5bc 2007.0/x86_64/cups-1.2.4-1.4mdv2007.0.x86_64.rpm
2e58f927d087a003e00812d825ee22f5 2007.0/x86_64/cups-common-1.2.4-1.4mdv2007.0.x86_64.rpm
af7e07631f23b72dd253b1c577fd80ba 2007.0/x86_64/cups-serial-1.2.4-1.4mdv2007.0.x86_64.rpm
297711478022026dedc25fb7aafaf780 2007.0/x86_64/lib64cups2-1.2.4-1.4mdv2007.0.x86_64.rpm
c7d7c450464a5b4ce987b873374d7672 2007.0/x86_64/lib64cups2-devel-1.2.4-1.4mdv2007.0.x86_64.rpm
2f9d2f0042ec013c8f7a1bb6ee400165 2007.0/x86_64/php-cups-1.2.4-1.4mdv2007.0.x86_64.rpm
3b2e000cc3b936c3a8b7094f31a09397 2007.0/SRPMS/cups-1.2.4-1.4mdv2007.0.src.rpm

Mandriva Linux 2007.1:
b62822552fe48abaeced97000b1645a5 2007.1/i586/cups-1.2.10-2.2mdv2007.1.i586.rpm
4786bd22d5d34e824e06e28a3d1c2c39 2007.1/i586/cups-common-1.2.10-2.2mdv2007.1.i586.rpm
f97ec418e42340268ffd3f525b0bedbe 2007.1/i586/cups-serial-1.2.10-2.2mdv2007.1.i586.rpm
c70082109a3447dc47b873062d0d5a7d 2007.1/i586/libcups2-1.2.10-2.2mdv2007.1.i586.rpm
5ccaf6cc0d42c4d3c6c39fc7a5d1aa47 2007.1/i586/libcups2-devel-1.2.10-2.2mdv2007.1.i586.rpm
ea9bfd729bfeb62ec3abade783056406 2007.1/i586/php-cups-1.2.10-2.2mdv2007.1.i586.rpm
939f5648ef070af9f2280b0dc127e2fd 2007.1/SRPMS/cups-1.2.10-2.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
76efedcbae8bb5d6bba0b53831b0c2a0 2007.1/x86_64/cups-1.2.10-2.2mdv2007.1.x86_64.rpm
a6391bf0397645a1d7c624b65dc4b5e6 2007.1/x86_64/cups-common-1.2.10-2.2mdv2007.1.x86_64.rpm
26fbf6292b5c24aa357485d6739a030b 2007.1/x86_64/cups-serial-1.2.10-2.2mdv2007.1.x86_64.rpm
055ae27cc25345cfe93f672b3f3d3dea 2007.1/x86_64/lib64cups2-1.2.10-2.2mdv2007.1.x86_64.rpm
8c46ae6621d662416c6fd48eb900c3fa 2007.1/x86_64/lib64cups2-devel-1.2.10-2.2mdv2007.1.x86_64.rpm
5bf659a25b401d796a8107e61f71d824 2007.1/x86_64/php-cups-1.2.10-2.2mdv2007.1.x86_64.rpm
939f5648ef070af9f2280b0dc127e2fd 2007.1/SRPMS/cups-1.2.10-2.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
066d0553d0d41408d9f0b0d89b9299de 2008.0/i586/cups-1.3.0-3.2mdv2008.0.i586.rpm
761125ca708cd22b2360e84f36674051 2008.0/i586/cups-common-1.3.0-3.2mdv2008.0.i586.rpm
24a6797ad61c1ee82710480cba57c912 2008.0/i586/cups-serial-1.3.0-3.2mdv2008.0.i586.rpm
2c6d558345461a1813ea8ffa9b93be4e 2008.0/i586/libcups2-1.3.0-3.2mdv2008.0.i586.rpm
30bd123775b39ffd80e94d3232dbd5ce 2008.0/i586/libcups2-devel-1.3.0-3.2mdv2008.0.i586.rpm
1d147d09513abcb5e556a02dcb4272aa 2008.0/i586/php-cups-1.3.0-3.2mdv2008.0.i586.rpm
cfcb64cb2bc0af7b05c3770138a9311c 2008.0/SRPMS/cups-1.3.0-3.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
617534198402457ccce075bfc8341a2d 2008.0/x86_64/cups-1.3.0-3.2mdv2008.0.x86_64.rpm
d7f56b65a853c2030ee85a5b9db1b800 2008.0/x86_64/cups-common-1.3.0-3.2mdv2008.0.x86_64.rpm
48c4cd42cd19179ffeb003e1fed91f62 2008.0/x86_64/cups-serial-1.3.0-3.2mdv2008.0.x86_64.rpm
2760af902f9937b89dfb836a07b373b2 2008.0/x86_64/lib64cups2-1.3.0-3.2mdv2008.0.x86_64.rpm
a9cb35f7fa4cf7b55ef5730690b04aff 2008.0/x86_64/lib64cups2-devel-1.3.0-3.2mdv2008.0.x86_64.rpm
7de4fe03981dbf79b9324e6e3fe244e4 2008.0/x86_64/php-cups-1.3.0-3.2mdv2008.0.x86_64.rpm
cfcb64cb2bc0af7b05c3770138a9311c 2008.0/SRPMS/cups-1.3.0-3.2mdv2008.0.src.rpm

Corporate 3.0:
15d47f4a424509184dd470da0367e4d7 corporate/3.0/i586/cups-1.1.20-5.13.C30mdk.i586.rpm
919fcbbbaf3d98be034b99c8557ca077 corporate/3.0/i586/cups-common-1.1.20-5.13.C30mdk.i586.rpm
4afd975f1d917bdc4295efeff6da7b59 corporate/3.0/i586/cups-serial-1.1.20-5.13.C30mdk.i586.rpm
73cc314ecb9ad5667521b0c25c4bde6b corporate/3.0/i586/libcups2-1.1.20-5.13.C30mdk.i586.rpm
f735244992f18a5edcf6911b7a755072 corporate/3.0/i586/libcups2-devel-1.1.20-5.13.C30mdk.i586.rpm
6e7caebc791076f1b7be6e01feb32843 corporate/3.0/SRPMS/cups-1.1.20-5.13.C30mdk.src.rpm

Corporate 3.0/X86_64:
8ac0fa6a86ad44b1542ed2a6917058f0 corporate/3.0/x86_64/cups-1.1.20-5.13.C30mdk.x86_64.rpm
592aa5849264c2e83973b9e0025e6686 corporate/3.0/x86_64/cups-common-1.1.20-5.13.C30mdk.x86_64.rpm
d57eb8c52fd2caacebacf5374915fa3d corporate/3.0/x86_64/cups-serial-1.1.20-5.13.C30mdk.x86_64.rpm
f96e95f4c460456c4e7fc939245e2c92 corporate/3.0/x86_64/lib64cups2-1.1.20-5.13.C30mdk.x86_64.rpm
a10a7345e5d8854d51cfd3f8b1ace568 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.13.C30mdk.x86_64.rpm
6e7caebc791076f1b7be6e01feb32843 corporate/3.0/SRPMS/cups-1.1.20-5.13.C30mdk.src.rpm

Corporate 4.0:
a0f3d078a74b2c53e4584bb38cce9a3c corporate/4.0/i586/cups-1.2.4-0.4.20060mlcs4.i586.rpm
d6d6ad7ccc2a10e2afef7c4df1ff356f corporate/4.0/i586/cups-common-1.2.4-0.4.20060mlcs4.i586.rpm
acdb601c9b45c6c3aac33a8c35511df1 corporate/4.0/i586/cups-serial-1.2.4-0.4.20060mlcs4.i586.rpm
92dbd07ab275e28ef5e9389b0ba41044 corporate/4.0/i586/libcups2-1.2.4-0.4.20060mlcs4.i586.rpm
5d785917c935e1be68259d6ddcc39c34 corporate/4.0/i586/libcups2-devel-1.2.4-0.4.20060mlcs4.i586.rpm
30178e2b49f94797265f8bd5521f4feb corporate/4.0/i586/php-cups-1.2.4-0.4.20060mlcs4.i586.rpm
c69b9cb3c9cc0195754ad0abbba86909 corporate/4.0/SRPMS/cups-1.2.4-0.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
94a66b9c5c857dac0608740b59d3c7d3 corporate/4.0/x86_64/cups-1.2.4-0.4.20060mlcs4.x86_64.rpm
8b85a0601a5140a2124f6f4a226636ab corporate/4.0/x86_64/cups-common-1.2.4-0.4.20060mlcs4.x86_64.rpm
626e94c62eb6a8542218add3acf5643d corporate/4.0/x86_64/cups-serial-1.2.4-0.4.20060mlcs4.x86_64.rpm
8981312a07b0073590a0a9fe47d84fa4 corporate/4.0/x86_64/lib64cups2-1.2.4-0.4.20060mlcs4.x86_64.rpm
52c5bcce946a258be2961cfc0aeac04c corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.4.20060mlcs4.x86_64.rpm
b93fee3d490982b27af59c547c82ea26 corporate/4.0/x86_64/php-cups-1.2.4-0.4.20060mlcs4.x86_64.rpm
c69b9cb3c9cc0195754ad0abbba86909 corporate/4.0/SRPMS/cups-1.2.4-0.4.20060mlcs4.src.rpm

ChangeLog

2007-11-02 : Initial release
2007-11-13 : Updated Solution

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Sun Solaris Covert Channel Local Security Bypass Vulnerability

Sun Solaris NFS RPC Zone Denial of Service Vulnerability

Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability

Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability

Sun Java System Portal Server Cross Site Scripting Vulnerability

Sun rdesktop Code Execution and Denial of Service

Sun Java System Web Proxy Server Denial of Service Vulnerability

Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities

Cisco Secure ACS EAP Remote Denial Of Service Vulnerability

Cisco Products Remote DNS Cache Poisoning Vulnerability

Cisco Wide Area Application Services CUPS Remote Vulnerability

Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

Cisco Intrusion Prevention System Jumbo Frame Vulnerability

Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities

Apple Xcode Code Execution and Information Disclosure Vulnerabilities

Apple TV Data Processing Remote Code Execution Vulnerabilities

Apple Mac OS X Command Execution and Security Bypass Issues

Apple Safari for Mac OS X Remote Code Execution Vulnerability

Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy