CUPS Incomplete SSL Negotiation Remote DoS

medium Nessus Plugin ID 24901

Synopsis

The remote printer service is prone to a denial of service attack.

Description

The version of CUPS installed on the remote host suffers from a design flaw involving SSL auto-detection. By establishing a connection to a port on which the application attempts to auto-detect SSL and sending a single character, an unauthenticated, remote attacker can leverage this flaw to cause subsequent connections to hang until the first connection is closed.

Solution

Upgrade to CUPS version 1.2.7 or later.

See Also

http://www.cups.org/str.php?L2091+P0+S-2+C0+I0+E0+Q

http://www.cups.org/newsgroups.php?s25+gcups.announce+v30+T0

https://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

https://bugzilla.redhat.com/show_bug.cgi?id=232243

Plugin Details

Severity: Medium

ID: 24901

File Name: cups_ssl_negotiation_dos.nasl

Version: 1.20

Type: remote

Family: Misc.

Published: 3/27/2007

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: Settings/ParanoidReport, www/cups

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/15/2007

Reference Information

CVE: CVE-2007-0720

BID: 23127