int(1850)

Vulnerability Bulletins

Denegación de servicio en CUPS

Vulnerability classification
Property Value
Confidence level Oficial
Impact Denegación de Servicio
Dificulty Principiante
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information
Property Value
Affected manufacturer GNU/Linux
Affected software CUPS < 1.1.23

Description
Se ha descubierto una vulnerabilidad de denegación de servicio en CUPS versiones anteriores a 1.1.23. La vulnerabilidad reside en la forma en que se procesan ciertas cadenas de caracteres en la función "is_path_absolute" en "scheduler/client.c".

Un atacante remoto podría causar una denegación de servicio de CUPS mediante peticiones HTTP GET especialmente diseñadas.

Solution


Actualización de software

Red Hat

Red Hat Desktop (v. 4) / SRPMS
cups-1.1.22-0.rc1.9.8.src.rpm

Red Hat Desktop (v. 4) / IA-32
cups-1.1.22-0.rc1.9.8.i386.rpm
cups-devel-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm

Red Hat Desktop (v. 4) / x86_64
cups-1.1.22-0.rc1.9.8.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.8.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
cups-1.1.22-0.rc1.9.8.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
cups-1.1.22-0.rc1.9.8.i386.rpm
cups-devel-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
cups-1.1.22-0.rc1.9.8.ia64.rpm
cups-devel-1.1.22-0.rc1.9.8.ia64.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
cups-1.1.22-0.rc1.9.8.ppc.rpm
cups-devel-1.1.22-0.rc1.9.8.ppc.rpm
cups-libs-1.1.22-0.rc1.9.8.ppc.rpm
cups-libs-1.1.22-0.rc1.9.8.ppc64.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
cups-1.1.22-0.rc1.9.8.s390.rpm
cups-devel-1.1.22-0.rc1.9.8.s390.rpm
cups-libs-1.1.22-0.rc1.9.8.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
cups-1.1.22-0.rc1.9.8.s390x.rpm
cups-devel-1.1.22-0.rc1.9.8.s390x.rpm
cups-libs-1.1.22-0.rc1.9.8.s390.rpm
cups-libs-1.1.22-0.rc1.9.8.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
cups-1.1.22-0.rc1.9.8.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.8.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
cups-1.1.22-0.rc1.9.8.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
cups-1.1.22-0.rc1.9.8.i386.rpm
cups-devel-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
cups-1.1.22-0.rc1.9.8.ia64.rpm
cups-devel-1.1.22-0.rc1.9.8.ia64.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
cups-1.1.22-0.rc1.9.8.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.8.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
cups-1.1.22-0.rc1.9.8.src.rpm
Red Hat Enterprise Linux WS (v. 4) / IA-32
cups-1.1.22-0.rc1.9.8.i386.rpm
cups-devel-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
cups-1.1.22-0.rc1.9.8.ia64.rpm
cups-devel-1.1.22-0.rc1.9.8.ia64.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
cups-1.1.22-0.rc1.9.8.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.8.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.8.i386.rpm
cups-libs-1.1.22-0.rc1.9.8.x86_64.rpm

SCO
OpenServer 5.0.7
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
OpenServer 6.0.0
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.51

Standar resources
Property Value
CVE CAN-2005-2874
BID

Other resources
Red Hat Security Advisory (RHSA-2005:772-8)
https://rhn.redhat.com/errata/RHSA-2005-772.html

SCO Security Advisory (SCOSA-2005.51)
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.51/SCOSA-2005.51.txt

Version history
Version Comments Date
1.0 Aviso emitido 2005-10-03
1.1 Aviso emitido por SCO (SCOSA-2005.51) 2005-11-25
Ministerio de Defensa
CNI
CCN
CCN-CERT