CUPS Logic Error in Processing '/..' Requests Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1012811 |
|
SecurityTracker URL: http://securitytracker.com/id/1012811
|
|
CVE Reference:
CAN-2005-2874
(Links to External Site)
|
Updated: Sep 27 2005
|
Original Entry Date: Jan 7 2005
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 1.1.21, 1.1.22
|
Description:
A denial of service vulnerability was reported in CUPS. A remote user can cause the target service to hang.
kmuto reported that a remote user can send a specially crafted HTTP GET request to cause the target service to hang and consume all available CPU resources. A demonstration exploit request is provided:
GET /..a HTTP/1.1
The logic error was introduced after 1.1.20.
|
Impact:
A remote user can cause the CUPS service to hang and consume all available CPU resources.
|
Solution:
The vendor has released a fixed version (1.1.23), available at:
http://www.cups.org/software.php
Red Hat has issued a fix for Red Hat Enterprise Linux 4:
https://rhn.redhat.com/errata/RHSA-2005-772.html
|
Vendor URL: www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042 (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 7 Jan 2005 10:23:01 -0500
Subject: http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042
|
>>> I noticed your fix on STR#866 caused critical hang-up when invalid URL came.
>>> For example, 'GET /..a HTTP/1.1'.
>>> (This bug was found by nessus security audit software)
>> Thanks, will include the fix in 1.1.23.
> Fixed in CVS - the anonymous CVS repository will be updated at midnight EST.
|
|
