Boletines de Vulnerabilidades

int(1850)

Boletines de Vulnerabilidades

Denegación de servicio en CUPS
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Denegación de Servicio
Dificultad	Principiante
Requerimientos del atacante	Acceso remoto sin cuenta a un servicio estandar
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	GNU/Linux
Software afectado	CUPS < 1.1.23
Descripción
Se ha descubierto una vulnerabilidad de denegación de servicio en CUPS versiones anteriores a 1.1.23. La vulnerabilidad reside en la forma en que se procesan ciertas cadenas de caracteres en la función "is_path_absolute" en "scheduler/client.c". Un atacante remoto podría causar una denegación de servicio de CUPS mediante peticiones HTTP GET especialmente diseñadas.
Solución
Actualización de software Red Hat Red Hat Desktop (v. 4) / SRPMS cups-1.1.22-0.rc1.9.8.src.rpm Red Hat Desktop (v. 4) / IA-32 cups-1.1.22-0.rc1.9.8.i386.rpm cups-devel-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm Red Hat Desktop (v. 4) / x86_64 cups-1.1.22-0.rc1.9.8.x86_64.rpm cups-devel-1.1.22-0.rc1.9.8.x86_64.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.x86_64.rpm Red Hat Enterprise Linux AS (v. 4) / SRPMS cups-1.1.22-0.rc1.9.8.src.rpm Red Hat Enterprise Linux AS (v. 4) / IA-32 cups-1.1.22-0.rc1.9.8.i386.rpm cups-devel-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm Red Hat Enterprise Linux AS (v. 4) / IA-64 cups-1.1.22-0.rc1.9.8.ia64.rpm cups-devel-1.1.22-0.rc1.9.8.ia64.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.ia64.rpm Red Hat Enterprise Linux AS (v. 4) / PPC cups-1.1.22-0.rc1.9.8.ppc.rpm cups-devel-1.1.22-0.rc1.9.8.ppc.rpm cups-libs-1.1.22-0.rc1.9.8.ppc.rpm cups-libs-1.1.22-0.rc1.9.8.ppc64.rpm Red Hat Enterprise Linux AS (v. 4) / s390 cups-1.1.22-0.rc1.9.8.s390.rpm cups-devel-1.1.22-0.rc1.9.8.s390.rpm cups-libs-1.1.22-0.rc1.9.8.s390.rpm Red Hat Enterprise Linux AS (v. 4) / s390x cups-1.1.22-0.rc1.9.8.s390x.rpm cups-devel-1.1.22-0.rc1.9.8.s390x.rpm cups-libs-1.1.22-0.rc1.9.8.s390.rpm cups-libs-1.1.22-0.rc1.9.8.s390x.rpm Red Hat Enterprise Linux AS (v. 4) / x86_64 cups-1.1.22-0.rc1.9.8.x86_64.rpm cups-devel-1.1.22-0.rc1.9.8.x86_64.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.x86_64.rpm Red Hat Enterprise Linux ES (v. 4) / SRPMS cups-1.1.22-0.rc1.9.8.src.rpm Red Hat Enterprise Linux ES (v. 4) / IA-32 cups-1.1.22-0.rc1.9.8.i386.rpm cups-devel-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm Red Hat Enterprise Linux ES (v. 4) / IA-64 cups-1.1.22-0.rc1.9.8.ia64.rpm cups-devel-1.1.22-0.rc1.9.8.ia64.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.ia64.rpm Red Hat Enterprise Linux ES (v. 4) / x86_64 cups-1.1.22-0.rc1.9.8.x86_64.rpm cups-devel-1.1.22-0.rc1.9.8.x86_64.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.x86_64.rpm Red Hat Enterprise Linux WS (v. 4) / SRPMS cups-1.1.22-0.rc1.9.8.src.rpm Red Hat Enterprise Linux WS (v. 4) / IA-32 cups-1.1.22-0.rc1.9.8.i386.rpm cups-devel-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm Red Hat Enterprise Linux WS (v. 4) / IA-64 cups-1.1.22-0.rc1.9.8.ia64.rpm cups-devel-1.1.22-0.rc1.9.8.ia64.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.ia64.rpm Red Hat Enterprise Linux WS (v. 4) / x86_64 cups-1.1.22-0.rc1.9.8.x86_64.rpm cups-devel-1.1.22-0.rc1.9.8.x86_64.rpm cups-libs-1.1.22-0.rc1.9.8.i386.rpm cups-libs-1.1.22-0.rc1.9.8.x86_64.rpm SCO OpenServer 5.0.7 ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar OpenServer 6.0.0 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.51
Identificadores estándar
Propiedad	Valor
CVE	CAN-2005-2874
BID
Recursos adicionales
Red Hat Security Advisory (RHSA-2005:772-8) https://rhn.redhat.com/errata/RHSA-2005-772.html SCO Security Advisory (SCOSA-2005.51) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.51/SCOSA-2005.51.txt