Updated CUPS packages are available for Red Hat Linux 7.3 and 8.0 which fix various security issues.
The Common UNIX Printing System (CUPS) provides a portable printing layer. A number of vulnerabilities have been discovered in CUPS. CUPS was distributed with Red Hat Linux 7.3 and 8.0 but is not installed by default. 1. An integer overflow exists in the CUPS HTTP interface that allows a local attacker to gain the permissions of the 'lp' user. (CAN-2002-1383) 2. A race condition exists in the creation of a pid file which allows an attacker who already has privileges of the 'lp' user (for example from utilizing a different exploit) to create or overwrite any file as root, leading to arbitrary code execution. (CAN-2002-1366) 3. It is possible to remotely add a printer to CUPS by sending a specially crafted UDP packet. If an attacker utilizes this vulnerability, they could add a printer with a tainted name that if clicked on in the web administration interface could be used to exploit other vulnerabilities. (CAN-2002-1367) By utilizing this vulnerability, an attacker could take a number of steps to be able to get hold of the certificate used to access the administrative section of the CUPS server and potentially add a printer that will execute commands with root privileges. 4. Problems with chunked encoding and negative content length handling in the CUPS HTTP interface can cause CUPS to crash. On Red Hat Linux platforms this can cause a denial of service (DoS) against CUPS. (CAN-2002-1368) 5. A number of integer overflows exist in the image handling code of the filters in CUPS. In addition, CUPS does not properly check for zero width GIF images. These vulnerabilities allow an attacker who has the ability to print to run arbitrary code as the 'lp' user. (CAN-2002-1371) 6. An integer overflow exists in the CUPS pdftops filter. This can be exploited by an attacker who is able to print sending a carefully crafted PDF file which can execute arbitrary commands as the 'lp' user. (CAN-2002-1384) 7. A buffer overflow exists in setting up the job management options. When combined with other vulnerabilities, this could allow a local user to gain root privileges. This issue only affects the version of CUPS shipped with Red Hat Linux 7.3. (CAN-2002-1369) 8. A bug in the select() call would allow an easy DoS attack which would cause CUPS to not recover once the DoS has stopped. (CAN-2002-1372) Red Hat Linux 7.3 and 8.0 were shipped with versions of CUPS that are vulnerable to these issues. All users of CUPS are advised to upgrade to the erratum packages which contain a patch to correct these issue.