CVE-2005-2874
CVSS 5.0
Published: 2005-09-13 18:03:00
Last revised: 2010-08-21 00:32:19

[Original] The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.


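[CNNVD] Easy CUPS HTTP GET denial-of-service vulnerability (CNNVD-200509-102)

        Common Unix Printing System (CUPS) is a general-purpose Unix printing system and a cross-platform printing solution for Unix environments. It is based on the Internet Printing Protocol and provides services for most PostScript and raster printers.
        The daemon code in scheduler/client.c in CUPS versions before 1.1.23 contains the is_path_absolute function. A remote attacker can cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.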

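- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]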

- CPE (affected platforms and products)

cpe:/a:easy_software_products:cups:1.1.20_rc5
cpe:/a:easy_software_products:cups:1.1.3
cpe:/a:easy_software_products:cups:1.1.9_1
cpe:/a:easy_software_products:cups:1.1.6_1
cpe:/a:easy_software_products:cups:1.1.19_rc3
cpe:/a:easy_software_products:cups:1.1.20_rc1
cpe:/a:easy_software_products:cups:1.1.19_rc2
cpe:/a:easy_software_products:cups:1.1.19_rc5
cpe:/a:easy_software_products:cups:1.1.5_1
cpe:/a:easy_software_products:cups:1.1.11
cpe:/a:easy_software_products:cups:1.1.14
cpe:/a:easy_software_products:cups:1.1.5
cpe:/a:easy_software_products:cups:1.1.16
cpe:/a:easy_software_products:cups:1.1.15
cpe:/a:easy_software_products:cups:1.1.21_rc1
cpe:/a:easy_software_products:cups:1.1.1
cpe:/a:easy_software_products:cups:1.1.10_1
cpe:/a:easy_software_products:cups:1.1.19_rc1
cpe:/a:easy_software_products:cups:1.1.8
cpe:/a:easy_software_products:cups:1.1.20_rc6
cpe:/a:easy_software_products:cups:1.1.20_rc4
cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:easy_software_products:cups:1.1
cpe:/a:easy_software_products:cups:1.1.22_rc2
cpe:/a:easy_software_products:cups:1.1.12
cpe:/a:easy_software_products:cups:1.1.6_2
cpe:/a:easy_software_products:cups:1.1.2
cpe:/a:easy_software_products:cups:1.1.5_2
cpe:/a:easy_software_products:cups:1.1.21
cpe:/a:easy_software_products:cups:1.1.21_rc2
cpe:/a:easy_software_products:cups:1.1.18
cpe:/a:easy_software_products:cups:1.1.19_rc4
cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:easy_software_products:cups:1.1.20_rc3
cpe:/a:easy_software_products:cups:1.1.6_3
cpe:/a:easy_software_products:cups:1.1.22_rc1
cpe:/a:easy_software_products:cups:1.1.20
cpe:/a:easy_software_products:cups:1.1.20_rc2
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:easy_software_products:cups:1.1.9
cpe:/a:easy_software_products:cups:1.1.10
cpe:/a:easy_software_products:cups:1.1.19
cpe:/a:easy_software_products:cups:1.1.22

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9774 The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of servic...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2874
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2874
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-102
(official data source) CNNVD

- Other links and resources

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072
(VENDOR_ADVISORY)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168072
http://securitytracker.com/id?1012811
(VENDOR_ADVISORY)  SECTRACK  1012811
http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042
(VENDOR_ADVISORY)  CONFIRM  http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042
http://www.cups.org/relnotes.php#010123
(UNKNOWN)  CONFIRM  http://www.cups.org/relnotes.php#010123
http://www.redhat.com/support/errata/RHSA-2005-772.html
(UNKNOWN)  REDHAT  RHSA-2005:772
http://lwn.net/Alerts/152835/
(UNKNOWN)  FEDORA  FEDORA-2005-908

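- Vulnerability information

Easy CUPS HTTP GET denial-of-service vulnerability
Medium risk  Other
2005-09-13 00:00:00 2005-10-20 00:00:00
Remote
        Common Unix Printing System (CUPS) is a general-purpose Unix printing system and a cross-platform printing solution for Unix environments. It is based on the Internet Printing Protocol and provides services for most PostScript and raster printers.
        The daemon code in scheduler/client.c in CUPS versions before 1.1.23 contains the is_path_absolute function. A remote attacker can cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.

- Advisories and patches

        No data available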

- Vulnerability information

12834
CUPS Malformed Traversal HTTP Request Remote DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Public Vendor Verified

- Vulnerability description

CUPS contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted URL including /.. is sent to the CUPS server, and will result in loss of availability for the service.

- Timeline

2004-12-30 Unknown
2004-12-30 Unknown

- Solution

Upgrade to version 1.1.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability credit

- Vulnerability information

Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 12200
Yes No
2005-01-03 12:00:00 2009-07-12 09:27:00
Discovery is credited to kmuto.

- Affected software versions

SCO Open Server 6.0
SCO Open Server 5.0.7
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 4
Easy Software Products CUPS 1.1.23 rc1
+ Gentoo Linux
Easy Software Products CUPS 1.1.22 rc1
Easy Software Products CUPS 1.1.22
Easy Software Products CUPS 1.1.21
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Easy Software Products CUPS 1.1.23
+ Gentoo Linux

- Unaffected software versions

Easy Software Products CUPS 1.1.23
+ Gentoo Linux

- Discussion

CUPS is prone to a remotely exploitable denial-of-service vulnerability. This condition occurs when the server receives an HTTP GET request containing the string '/..'. This vulnerability is reportedly caused by a logic error.

This issue was introduced in the 1.1.21 release.

- Exploit

The following example was provided:

GET /..a HTTP/1.1

- Solution


This issue has been addressed in version 1.1.23.

Please see the referenced advisories for details on obtaining and applying the appropriate updates.


Easy Software Products CUPS 1.1.21

Easy Software Products CUPS 1.1.22 rc1

Easy Software Products CUPS 1.1.22

SCO Open Server 5.0.7

SCO Open Server 6.0

- Related references

 

 
