----------------------------------------------------------------------

TITLE:
CUPS "lppasswd" Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA38789

VERIFY ADVISORY:
http://secunia.com/advisories/38789/

DESCRIPTION:
A vulnerability has been discovered in CUPS, which can be exploited by
malicious, local users to gain escalated privileges.

The vulnerability is caused by the "lppasswd" utility (which may be
installed suid root) not properly verifying certain environment
variables (e.g. "LOCALEDIR") before using them. This can be exploited
to e.g. execute arbitrary code by tricking the utility into using a
specially crafted localisation file containing malicious format
strings.

The vulnerability is confirmed in version 1.3.11. Other versions may
also be affected.

Note: The manual page for "lppasswd" in version 1.3.11 recommends that
administrators change the ownership of the file or disable it for
security reasons. CUPS 1.4.0, 1.4.1, and 1.4.2 do not install the
"lppasswd" utility as suid root by default.

SOLUTION:
Restrict access to trusted users only.

Remove the suid-bit from the "lppasswd" utility.

PROVIDED AND/OR DISCOVERED BY:
Ubuntu credits Ronald Volgers.

CHANGELOG:
2010-03-04: Increased "criticality".

ORIGINAL ADVISORY:
CUPS:
http://www.cups.org/str.php?L3482

Red Hat bug #558460:
https://bugzilla.redhat.com/show_bug.cgi?id=558460

USN-906-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001054.html

----------------------------------------------------------------------
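The SOLUTION above (remove the suid bit from "lppasswd") as an audit-and-remediation script. This is an added example, not code from Secunia, Ubuntu or the CUPS project; the candidate install paths it checks are assumptions.

```sh
#!/bin/sh
# Audit helper for the SOLUTION in SA38789: report whether the CUPS "lppasswd"
# binary is installed setuid and, on request, strip the bit.
# Added example, not code from Secunia or CUPS; the candidate install paths
# are assumptions (typical distribution locations).
LPPASSWD_CANDIDATES="/usr/bin/lppasswd /usr/local/bin/lppasswd"

# is_setuid PATH -> status 0 if PATH is a regular file with the setuid bit,
# 1 if it lacks the bit, 2 if it does not exist (find -perm -4000 is POSIX).
is_setuid() {
    [ -f "$1" ] || return 2
    [ -n "$(find "$1" -perm -4000 -print 2>/dev/null)" ]
}

# audit_lppasswd PATH -> one-line verdict; status 1 when the file is setuid
# (the configuration the advisory warns about), 0 otherwise.
audit_lppasswd() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "$f: not installed"
        return 0
    fi
    if is_setuid "$f"; then
        echo "$f: SETUID, owner $(ls -ld "$f" | awk '{ print $3 }') - SA38789 risk"
        return 1
    fi
    echo "$f: no setuid bit - OK"
    return 0
}

# remediate_lppasswd PATH -> removes the setuid bit as the advisory recommends.
# Must run as the file owner (normally root).
remediate_lppasswd() {
    chmod u-s "$1" && echo "$1: setuid bit removed"
}

# main [--fix] -> audits every candidate; with --fix also remediates findings.
main() {
    rc=0
    for p in $LPPASSWD_CANDIDATES; do
        if ! audit_lppasswd "$p"; then
            rc=1
            if [ "${1:-}" = "--fix" ]; then remediate_lppasswd "$p"; fi
        fi
    done
    return "$rc"
}

main "$@"
```

Run it as root with `--fix` to apply the advisory's mitigation; without arguments it only reports, exiting non-zero when a setuid "lppasswd" is found.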