RHEL 3 : cups (RHSA-2004:449)

medium Nessus Plugin ID 14737

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated cups packages that fix a denial of service vulnerability are now available.

The Common UNIX Printing System (CUPS) is a print spooler.

Alvaro Martinez Echevarria reported a bug in the CUPS Internet Printing Protocol (IPP) implementation in versions of CUPS prior to 1.1.21. An attacker could send a carefully crafted UDP packet to the IPP port which could cause CUPS to stop listening to the port and result in a denial of service. In order to exploit this bug, an attacker would need to have the ability to send a UDP packet to the IPP port (by default 631). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0558 to this issue.

All users of cups should upgrade to these updated packages, which contain a backported patch as well as a fix for a non-exploitable off-by-one bug.

Solution

Update the affected cups, cups-devel and / or cups-libs packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0558

https://github.com/apple/cups/issues/863

https://access.redhat.com/errata/RHSA-2004:449

Plugin Details

Severity: Medium

ID: 14737

File Name: redhat-RHSA-2004-449.nasl

Version: 1.28

Type: local

Agent: unix

Published: 9/15/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:cups-devel, p-cpe:/a:redhat:enterprise_linux:cups-libs, cpe:/o:redhat:enterprise_linux:3, p-cpe:/a:redhat:enterprise_linux:cups

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 9/15/2004

Vulnerability Publication Date: 9/28/2004

Reference Information

CVE: CVE-2004-0558

RHSA: 2004:449