安全研究
安全漏洞
CUPS SNMP后端asn1_get_string()函数远程栈溢出漏洞
发布日期:2007-11-08
更新日期:2008-01-03
受影响系统:
Apple CUPS <= 1.3.4不受影响系统:
Apple CUPS 1.3.5描述:
BUGTRAQ ID: 26917
CVE(CAN) ID: CVE-2007-5849
Common Unix Printing System (CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。
CUPS处理包含畸形数据的SNMP请求时存在漏洞,远程攻击者可能利用此漏洞控制服务器。
CUPS的backend/snmp.c文件中的asn1_get_string()函数存在符号错误。当后端SNMP程序广播SNMP请求发现网络打印服务器时,攻击者可以回复畸形的SNMP请求,后端SNMP程序处理包含有负值asn1编码字符串的SNMP响应时就会触发栈溢出,导致拒绝服务或执行任意指令。
<*来源:Wei Wang (wei_wang@mcafee.com)
链接:http://secunia.com/advisories/28129
http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=201570
http://www.cups.org/str.php?L2589
http://www.debian.org/security/2007/dsa-1437
http://security.gentoo.org/glsa/glsa-200712-14.xml
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
建议:
厂商补丁:
Apple
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.cups.org/strfiles/2589/str2589.patch
Debian
------
Debian已经为此发布了一个安全公告(DSA-1437-1)以及相应补丁:
DSA-1437-1:New cupsys packages fix several vulnerabilities
链接:http://www.debian.org/security/2007/dsa-1437
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc
Size/MD5 checksum: 1084 7eda7d3797d141d174e163f837cd91b4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz
Size/MD5 checksum: 103089 a856a1ff975042783cb87f23d15e5b3a
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb
Size/MD5 checksum: 45246 3216cd80859aa97b7c8c5774b2462db2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb
Size/MD5 checksum: 893020 28b90e7e58400b9216f72cecf7de0d4a
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 1096542 686386cd43230708d49cea4af0d57b9f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 94468 32d1efdef788039ac00ed1e57a6fcc47
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 1608840 d042363f0999e1f11939e3f5e8de8b38
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 72432 5e43d1208715258c4ff09dcee0fa4081
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 86284 dca9ccc53cb8fcf7b8e1a44b8e76a6ad
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 184372 cb6c4f2c2a08ccc55c25c35d039fe400
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 39260 cdfc7a39f71c1aed6973a2956cf8749d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb
Size/MD5 checksum: 174608 e2c1ebf86bfc9f538a640c8ea385330f
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 142552 60167bc344afbaa54904b295c78def9c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 36366 3feca5f614aca7d527b1beba01462f6e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 161666 65ebf0f70d842eeb8adc309946357b4d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 85314 0be1f821b4880c7a4b83cd7779edbce4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 80704 26db3ea2f4aee728ead9ffba2686b827
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 1574360 3a1e7f5f6a8766a1f89aa65fc47c5d72
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 52862 3e8caecdc231fcded29f0029b76019a8
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb
Size/MD5 checksum: 1085694 235f96f3c07947ab11cd4222490441f0
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 48532 08ce8a9c2d9edf30a381ddc34073c397
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 1025036 c3165815ab4292c0b200176c4c0ad7d6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 35924 02c6ebde8deb0fcb39074deb5895b95b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 78912 33627a4c4e1dd3b4001f165cfda64259
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 132054 c4e04d8fb763e599931f3cb0207d84cb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 154314 0dcbd01293a5a0925af776bc0d6490fa
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 84494 66ff0b8a8b07d0faddee758806e044be
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb
Size/MD5 checksum: 1568356 725c88c2ac3737a0a323e82a5877f8f9
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 39264 528456372ac16c6dc257d2672a24cc84
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 85260 60da86a4e6b72d49f3c405cda6eaaa33
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 90316 7d7093a9bca7c6ee4a190eaea715cf1f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 57026 7e78c5bf532b9761b6ebc290c4c24b94
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 171548 37bfd1849d459be20f5df6da4d0e8f19
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 1611932 3a3e91d8c878c6ec42a99d1bfacbafac
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 154600 fc87ba725d54223245d9cb71777307a7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb
Size/MD5 checksum: 1031728 cdcfb63a3a2200f4ca36aa0d530c32d9
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 53068 e28d98e95a5e543991b996e84d028863
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 138280 28df76637f6b23d98ec81f6a7bf2b6ba
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 159796 fa2db05d879ce293041be45683febe8b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 1547840 6d7396410919ae7207d3d9aadfb5026f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 79880 c392020f91e2901d4122ef6a1fa08fed
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 85778 a11291b1a834d42ba160fb8d92db0c3a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 997490 0d91574ed291678037351dd0a32f445f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb
Size/MD5 checksum: 36476 ee84ce1774c646915ba410dadcda3470
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 1107194 dc683bec9dcfffc4a1e020b2859e1fab
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 106228 db41cfc57bf2d43da703285f9790344c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 46332 f52d7a07c6acf6613da1ae43f64b8ef7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 203378 9da06426a99702d4485b528d542b666d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 105872 cd243300f6b804b2501e5681401c574e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 73934 b3618bd2d5b1de8371ea56301312ef3a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 192368 35aba3be08e6a72b54617bb666b12d4c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb
Size/MD5 checksum: 1769808 8d0ab1028149cabd9d946c44cf4d4f86
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 77158 5302b4e5edb3d0d7733481eaabdbddcf
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 85874 d6beacabf8db05137b4c4357ea7557e9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 157884 d0f4ed5d1da24041179f9f2697f2ffcb
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 1096124 feea35b2ae01af3b06ee3ce8a854324e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 35968 0bb0b6c1018c466326b6406de4af093e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 150766 ff55f24b0b36722265644252857d8b5c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 1550792 97167182293fc8400cb9fefffc3670e7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb
Size/MD5 checksum: 57384 b2473f40bde45105c0bdec916ff93cdb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 86054 f78f586a8f15727e28c67bca58caaa26
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 1552410 94190014545b85b403a21e97d9901776
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 157716 e0bd0f1e90b1124b1441bc1f313a7764
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 1083814 a5968478d72e11f19d4e019d3095e51f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 36068 363ff5b0694c2fef407a92dea1ba1c4e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 77458 db7144590602bf3cf25cba5fdce485a8
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 57700 04626a4cb44728ea61bcb7f8d8ddc1ed
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb
Size/MD5 checksum: 150902 f3cb4f6ca36503d7b70aab6d559199d2
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 51792 e89680c8a9b4851ebb5ad0d304e6bbb7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 90002 ce367709844a87951f810524aadfea4c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 136864 0aabc007ab84b86a77f6c601ba8d44fd
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 87576 f18bba76c873a6238e78a80182c0cd38
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 1575144 506c85d9a8b03be737ccb8dd3fd31248
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 1141712 b6ab866de7c8c6f2051c2a813003a722
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 162358 08096969b7e8ef48d2ece9a86600004a
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb
Size/MD5 checksum: 41290 b7eb0528a3b1b8bd07247fd9e16b76c2
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 1586292 01001ec68f5ff6a090ebff3099265be0
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 1035680 081c5ca040751dc4ec59d2a83289099c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 86854 5011337fee7f4dcfb62a6c95f7054e98
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 37422 731fb2009fa3cf47e270c35348d2e3e4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 82338 4f93e2f975642addd238eecf78a94779
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 165816 c69411004d08763f1b86a5d517592fc7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 144946 74bca185776b08ac50a9abcc17019e68
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb
Size/MD5 checksum: 52260 1324db10b3374beb81b98032ba92e2b8
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 51580 6052b09bd8c4cb9600156b24f185122a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 139570 2aa5b4d2d64849aa048489332f7e3aca
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 1561428 59199c965cba64d0aaf9a2de6c3432b6
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 84282 edec6a1d4af9df91f2d2b5c20553dbe9
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 990474 e276a14d21a6d7661c91c3420c96e142
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 158256 d43c9657a710bb5969e704208502f59f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 78514 32c106b3332c95dd0f24d6cf5d208add
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb
Size/MD5 checksum: 36020 751c12e8f83f04b5fd54d4a23abdf6fc
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200712-14)以及相应补丁:
GLSA-200712-14:CUPS: Multiple vulnerabilities
链接:http://security.gentoo.org/glsa/glsa-200712-14.xml
所有CUPS用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r4"
浏览次数:4586
严重程度:0(网友投票)
绿盟科技给您安全的保障