Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability
BID:12200
Info
Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability
| Bugtraq ID: | 12200 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2005-2874 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 03 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery is credited to kmuto. |
| Vulnerable: |
SCO Open Server 6.0 SCO Open Server 5.0.7 Redhat Fedora Core3 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 Easy Software Products CUPS 1.1.23 rc1 Easy Software Products CUPS 1.1.22 rc1 Easy Software Products CUPS 1.1.22 Easy Software Products CUPS 1.1.21 |
| Not Vulnerable: |
Easy Software Products CUPS 1.1.23 |
Discussion
Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability
CUPS is prone to a remotely exploitable denial-of-service vulnerability. This condition occurs when the server receives an HTTP GET request containing the string '/..'. This vulnerability is reportedly caused by a logic error.
This issue was introduced in the 1.1.21 release.
CUPS is prone to a remotely exploitable denial-of-service vulnerability. This condition occurs when the server receives an HTTP GET request containing the string '/..'. This vulnerability is reportedly caused by a logic error.
This issue was introduced in the 1.1.21 release.
Exploit / POC
Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability
The following example was provided:
GET /..a HTTP/1.1
The following example was provided:
GET /..a HTTP/1.1
Solution / Fix
Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability
Solution:
This issue has been addressed in version 1.1.23.
Please see the referenced advisories for details on obtaining and applying the appropriate updates.
Easy Software Products CUPS 1.1.21
Easy Software Products CUPS 1.1.22 rc1
Easy Software Products CUPS 1.1.22
SCO Open Server 5.0.7
SCO Open Server 6.0
Solution:
This issue has been addressed in version 1.1.23.
Please see the referenced advisories for details on obtaining and applying the appropriate updates.
Easy Software Products CUPS 1.1.21
-
Easy Software Products CUPS 1.1.23
http://www.cups.org/software.php?SOFTWARE=v1_2
Easy Software Products CUPS 1.1.22 rc1
-
Easy Software Products CUPS 1.1.23
http://www.cups.org/software.php?SOFTWARE=v1_2
Easy Software Products CUPS 1.1.22
-
Easy Software Products CUPS 1.1.23
http://www.cups.org/software.php?SOFTWARE=v1_2 -
RedHat Fedora cups-1.1.22-0.rc1.8.7.i386.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
RedHat Fedora cups-1.1.22-0.rc1.8.7.x86_64.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
RedHat Fedora cups-debuginfo-1.1.22-0.rc1.8.7.i386.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
RedHat Fedora cups-debuginfo-1.1.22-0.rc1.8.7.x86_64.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
RedHat Fedora cups-devel-1.1.22-0.rc1.8.7.i386.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
RedHat Fedora cups-devel-1.1.22-0.rc1.8.7.x86_64.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
RedHat Fedora cups-libs-1.1.22-0.rc1.8.7.i386.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
RedHat Fedora cups-libs-1.1.22-0.rc1.8.7.x86_64.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
SCO Open Server 5.0.7
-
SCO SCOSA-2005.51
OpenServer 5.0.7
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.51 -
SCO osr507mp4_vol.tar
OpenServer 5.0.7
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
SCO Open Server 6.0
-
SCO osr507mp4_vol.tar
OpenServer 6.0.0
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.51 -
SCO SCOSA-2005.51
OpenServer 6.0.0
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.51
References
Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability
References:
References:
- CUPS Product Page (Easy Software Products)
- RHSA-2005:772-8 - cups security update (RedHat)
- STR #1042 (Easy Software Products)