Mandrake Linux Security Advisory : cups (MDKSA-2003:062)

medium Nessus Plugin ID 14045

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) implementation that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out, causing a Denial of Service condition in which CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default).

This vulnerability has been fixed upstream in CUPS 1.1.19, and packages of previous versions have been patched to correct the problem.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 14045

File Name: mandrake_MDKSA-2003-062.nasl

Version: 1.17

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:cups, p-cpe:/a:mandriva:linux:cups-common, p-cpe:/a:mandriva:linux:cups-serial, p-cpe:/a:mandriva:linux:libcups1, p-cpe:/a:mandriva:linux:libcups1-devel, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 5/29/2003

Reference Information

CVE: CVE-2003-0195

MDKSA: 2003:062