Info

Disclosure

Dec 30, 2004

Discovery

Unknown

Dates

Exploit

Dec 30, 2004

Solution

Unknown

Description

CUPS contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted url including /.. is sent to the CUPS server, and will result in loss of availability for the service.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.1.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Red Hat, Inc.	Red Hat Enterprise Linux	4
		3
	Fedora	Core 3

Easy Software Products	CUPS	1.1.21
		1.1.22x
		1.1.23rc1
		1.1.23

References

Security Tracker: 1012811
Secunia Advisory ID: 16912 16950
CVE ID: 2005-2874 (see also: NVD)
Vendor Specific Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-772.html
Vendor URL: http://www.cups.org/
Vendor Specific News/Changelog Entry: http://www.cups.org/newsgroups.php?s928+gcups.bugs+v935+T0
http://www.cups.org/relnotes.php#010123
http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042
Generic Exploit URL: http://www.securiteam.com/exploits/5WP021PGUW.html
Keyword: tcp port 631

Credit

kmuto -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Red Hat, Inc.

Red Hat Enterprise Linux

Fedora

Easy Software Products

CUPS

References

Credit