CVE-2003-0195
CVSS 5.0
Published: 2003-06-16 00:00:00
Last revised: 2016-10-17 22:30:30

[Original] CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.


[CNNVD] CUPS cupsd request method remote denial-of-service vulnerability (CNNVD-200306-092)

        
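        The Common Unix Printing System (CUPS) is a general-purpose Unix printing system: a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, that provides services for most PostScript and raster printers.
        cupsd does not adequately enforce timeouts on malicious HTTP requests, and a remote attacker can exploit this to carry out a denial-of-service attack against the cupsd service.
        The CUPS implementation of IPP (Internet Printing Protocol) is flawed. The IPP implementation is single-threaded, meaning it can serve only one request at a time, and it applies no timeout to requests. By submitting a request that never times out, an attacker can cause the service to stop serving other requests, resulting in a denial of service. To exploit this vulnerability, the attacker must be able to connect to the IPP port (631 by default).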
        

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:slackware:slackware_linux:8.1 Slackware Linux 8.1
cpe:/o:slackware:slackware_linux:9.0 Slackware Linux 9.0

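- OVAL (technical details for detection)

oval:org.mitre.oval:def:6 Common Unix Printing System Partial Print DOS
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the relevant OVAL definitions.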

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0195
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0195
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-092
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000678
(UNKNOWN)  CONECTIVA  CLSA-2003:678
http://marc.info/?l=bugtraq&m=105427288724449&w=2
(UNKNOWN)  BUGTRAQ  20030529 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)
http://www.debian.org/security/2003/dsa-317
(VENDOR_ADVISORY)  DEBIAN  DSA-317
http://www.mandriva.com/security/advisories?name=MDKSA-2003:062
(UNKNOWN)  MANDRAKE  MDKSA-2003:062
http://www.novell.com/linux/security/advisories/2003_028.html
(UNKNOWN)  SUSE  SuSE-SA:2003:028
http://www.redhat.com/support/errata/RHSA-2003-171.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:171
http://www.securityfocus.com/bid/7637
(UNKNOWN)  BID  7637
http://www.turbolinux.com/security/TLSA-2003-33.txt
(UNKNOWN)  TURBO  TLSA-2003-33

- Vulnerability information

CUPS cupsd request method remote denial-of-service vulnerability
Medium severity  Design error
2003-06-16 00:00:00 2005-10-20 00:00:00
Remote
        
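        The Common Unix Printing System (CUPS) is a general-purpose Unix printing system: a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, that provides services for most PostScript and raster printers.
        cupsd does not adequately enforce timeouts on malicious HTTP requests, and a remote attacker can exploit this to carry out a denial-of-service attack against the cupsd service.
        The CUPS implementation of IPP (Internet Printing Protocol) is flawed. The IPP implementation is single-threaded, meaning it can serve only one request at a time, and it applies no timeout to requests. By submitting a request that never times out, an attacker can cause the service to stop serving other requests, resulting in a denial of service. To exploit this vulnerability, the attacker must be able to connect to the IPP port (631 by default).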
        

- Advisories and patches

        Vendor patches:
        MandrakeSoft
        ------------
        MandrakeSoft has released a security advisory (MDKSA-2003:062) and corresponding patches for this issue:
        MDKSA-2003:062: Updated cups packages fix Denial of Service vulnerability
        Link:
        http://www.linux-mandrake.com/en/security/2003/2003-062.php

        Patch downloads:
        Updated Packages:
        Corporate Server 2.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/cups-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/cups-common-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/cups-serial-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libcups1-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/cups-1.1.18-2.1mdk.src.rpm
        Mandrake Linux 8.2:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/cups-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/cups-common-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/cups-serial-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libcups1-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libcups1-devel-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/cups-1.1.18-2.1mdk.src.rpm
        Mandrake Linux 8.2/PPC:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/cups-1.1.18-2.1mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/cups-common-1.1.18-2.1mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/cups-serial-1.1.18-2.1mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libcups1-1.1.18-2.1mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libcups1-devel-1.1.18-2.1mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/cups-1.1.18-2.1mdk.src.rpm
        Mandrake Linux 9.0:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/cups-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/cups-common-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/cups-serial-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libcups1-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libcups1-devel-1.1.18-2.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/cups-1.1.18-2.1mdk.src.rpm
        Mandrake Linux 9.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/cups-1.1.19-1.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/cups-common-1.1.19-1.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/cups-serial-1.1.19-1.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libcups1-1.1.19-1.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libcups1-devel-1.1.19-1.1mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/cups-1.1.19-1.1mdk.src.rpm
        Mandrake Linux 9.1/PPC:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/cups-1.1.19-1.1mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/cups-common-1.1.19-1.1mdk.ppc.rpm
        

- Vulnerability information (22619)

CUPS 1.1.x Cupsd Request Method Denial Of Service Vulnerability (EDBID:22619)
linux dos
2003-05-20 Verified
0 Phil D'Amore
N/A
source: http://www.securityfocus.com/bid/7637/info

The cupsd has been reported prone to a denial of service vulnerability.

Reportedly the cupsd does not adequately apply a time-out process for malicious HTTP requests and service is denied to subsequent cupsd requests.

This issue may be exploited by remote attackers to deny cupsd service to valid users.

$ telnet <your_favorite_cups_server> ipp
POST /printers/<your_favorite_printer> HTTP/1.1

Don't enter the second carriage return to complete the headers, just the POST line and one carriage return. 		

- Vulnerability information

4780
CUPS Partial IPP Request DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-05-29 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

CUPS Cupsd Request Method Denial Of Service Vulnerability
Design Error 7637
Yes No
2003-05-20 12:00:00 2009-07-11 10:06:00
Discovery of this vulnerability has been credited to Phil D'Amore of Red Hat.

- Affected program versions

Terra Soft Solutions Yellow Dog Linux 3.0
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
RedHat Linux 9.0 i386
RedHat Linux 8.0 i386
RedHat Linux 7.3 i386
Mandriva Linux Mandrake 9.1 ppc
Mandriva Linux Mandrake 9.1
Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 8.2 ppc
Mandriva Linux Mandrake 8.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 2.1
Easy Software Products CUPS 1.1.19
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Easy Software Products CUPS 1.1.17
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Easy Software Products CUPS 1.1.16
+ Mandriva Linux Mandrake 9.0
Easy Software Products CUPS 1.1.15
+ Conectiva Linux Enterprise Edition 1.0
+ S.u.S.E. Linux 8.1
Easy Software Products CUPS 1.1.14
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Easy Software Products CUPS 1.1.12
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Easy Software Products CUPS 1.1.10
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Easy Software Products CUPS 1.1.6
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Easy Software Products CUPS 1.1.19 rc5
DrPhibez and Nitro187 Guild FTPD 1.1.19 rc5

- Unaffected program versions

Easy Software Products CUPS 1.1.19 rc5
DrPhibez and Nitro187 Guild FTPD 1.1.19 rc5

- Vulnerability discussion

The cupsd has been reported prone to a denial of service vulnerability.

Reportedly the cupsd does not adequately apply a time-out process for malicious HTTP requests and service is denied to subsequent cupsd requests.

This issue may be exploited by remote attackers to deny cupsd service to valid users.

- Exploitation

The following proof of concept exploit was discovered by twaugh@redhat.com:

$ telnet <your_favorite_cups_server> ipp
POST /printers/<your_favorite_printer> HTTP/1.1

Don't enter the second carriage return to complete the headers, just the POST line and one carriage return.

- Solution

The vendor has released patches to address this issue.

Conectiva has released advisory CLA-2003:702 to address this issue. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Conectiva has released an advisory (CLSA-2003:678) and fixes to address this issue. See referenced advisory for further detail.

SuSE has released security advisory (SuSE-SA:2003:028) to address this issue. Fixes are available below.

Red Hat has released security advisory RHSA-2003:171-01 to address this issue. Fixes are available below.

Turbolinux has released an advisory (TLSA-2003-33) to address this issue. Turbolinux have advised customers to use the turbopkg tool to apply the update. See attached advisory for further details relating to obtaining and applying fixes.

Mandrake has released advisory MDKSA-2003:062 to address this issue. See referenced advisory for fix information.

Debian has released an advisory (DSA 317-1) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released advisory 200306-09. Affected users are advised to perform the following actions:

emerge sync
emerge cups
emerge clean


Slackware Linux -current

Easy Software Products CUPS 1.1.10

Easy Software Products CUPS 1.1.12

Easy Software Products CUPS 1.1.14

Easy Software Products CUPS 1.1.15

Easy Software Products CUPS 1.1.16

Easy Software Products CUPS 1.1.18

Easy Software Products CUPS 1.1.19

Easy Software Products CUPS 1.1.6

Terra Soft Solutions Yellow Dog Linux 3.0

RedHat Linux 7.3 i386

RedHat Linux 8.0 i386

Slackware Linux 8.1

RedHat Linux 9.0 i386

Slackware Linux 9.0

- Related references
