MDKSA-2003:010-1

Package name

printer-drivers

Date

2003-01-21

Advisory ID

MDKSA-2003:010-1

Affected versions

8.1 i586 , 8.2 i586

Problem description

Karol Wiesek and iDefense disovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when esputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege" and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately. Aside from the security vulnerabilities, a number of bugfixes are included in this update, for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. Update: Packages are now available for 8.1/IA64 and 8.2/PPC.

Updated packages

8.1 i586

 44b54c21acbac37b2e5d1da1b2c2b2e8  ia64/8.1/RPMS/cups-drivers-1.1-15.1mdk.ia64.rpm
8db22a16abccf307a3d731649b0102d1  ia64/8.1/RPMS/foomatic-1.1-0.20010923.1mdk.ia64.rpm
929ecd1433bb5b2a43e9ff0a66511844  ia64/8.1/RPMS/ghostscript-6.51-24.1mdk.ia64.rpm
9eb840200bf4791d0ab4f6c24a97c0b7  ia64/8.1/RPMS/ghostscript-module-X-6.51-24.1mdk.ia64.rpm
0ce228df9d29b5c83a111c70f7a5749e  ia64/8.1/RPMS/gimpprint-4.1.99-16.1mdk.ia64.rpm
c7e289c94341fabed4a959ababf67c50  ia64/8.1/RPMS/libgimpprint1-4.1.99-16.1mdk.ia64.rpm
2911884f58f80c1fc9256910f6f0c405  ia64/8.1/RPMS/libgimpprint1-devel-4.1.99-16.1mdk.ia64.rpm
6908e6267b212b8f9e7472d208ffa8d4  ia64/8.1/RPMS/omni-0.4-11.1mdk.ia64.rpm
044f93e42b72a54ea22ffe2860a9b9c2  ia64/8.1/RPMS/printer-filters-1.0-15.1mdk.ia64.rpm
6c07bae5bc733f6af65ba07fea404c5b  ia64/8.1/RPMS/printer-testpages-1.0-15.1mdk.ia64.rpm
dde725b757d560198884d8475ab3d790  ia64/8.1/RPMS/printer-utils-1.0-15.1mdk.ia64.rpm
34a738aaaa143ba707bbab98b382f1de  ia64/8.1/SRPMS/printer-drivers-1.0-15.1mdk.src.rpm

8.2 i586

 44be94916206a8654ec221f88b00d7cd  ppc/8.2/RPMS/cups-drivers-1.1-48.2mdk.ppc.rpm
e675ec1f149008fbad95f58b3d2c1e1e  ppc/8.2/RPMS/foomatic-1.1-0.20020323mdk.ppc.rpm
845135b798e7f8615f27ca1c0b06cb97  ppc/8.2/RPMS/ghostscript-6.53-13.2mdk.ppc.rpm
cdc8974e24bc569cc9350e7d04c96a37  ppc/8.2/RPMS/ghostscript-module-X-6.53-13.2mdk.ppc.rpm
f2b32d66a1322dde8dcc2e12938acf73  ppc/8.2/RPMS/gimpprint-4.2.1-0.pre5.2mdk.ppc.rpm
cb2df5391c821378538bed866c1837d3  ppc/8.2/RPMS/libgimpprint1-4.2.1-0.pre5.2mdk.ppc.rpm
3ad48f824b2c61bf2bba3e5f5a050b1d  ppc/8.2/RPMS/libgimpprint1-devel-4.2.1-0.pre5.2mdk.ppc.rpm
18e6c302965cb9a39a12b0fb412af1fe  ppc/8.2/RPMS/omni-0.6.0-2.2mdk.ppc.rpm
3f98fbfd4c3bf4302cf6b6a754bcdab3  ppc/8.2/RPMS/printer-filters-1.0-48.2mdk.ppc.rpm
89ad60d1446fadc9d144487e26607f93  ppc/8.2/RPMS/printer-testpages-1.0-48.2mdk.ppc.rpm
2de8e1bbbc33b87910c9584a3e024832  ppc/8.2/RPMS/printer-utils-1.0-48.2mdk.ppc.rpm
2118f3e17f58f70dc4dc91e9c92b7ab0  ppc/8.2/SRPMS/printer-drivers-1.0-48.2mdk.src.rpm

References

• http://www.idefense.com/advisory/01.21.03.txt
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0034
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0036
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0035