Red Hat Bugzilla – Bug 130646
CAN-2004-0558 DOS in cups browsing
Last modified: 2007-11-30 17:10:47 EST
A denial of service issue has been found in CUPS browsing.
The CUPS BTS has decent information.
This issue is supposed to be fixed in the release candidate which is
to go out on 20040824.
This issue should also affect FC1.
So is this embargoed, or do we just need to get packages out as soon
after 1.1.21rc2 as possible?
Do we know what upstream patch has been applied? The STR attachment
was rejected by Mike Sweet, wasn't it?
Red Hat Enterprise Linux 3
Fedora Core 1
Fedora Core 2
This issue is embargoed until Sep 06.
Not sure if this is the same issue, but fc3test3's cupsd loads the CPU
after being scanned with nessus 2.2.0.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2195 root 25 0 7812 2124 6152 R 96.8 0.8 27:14.96 cupsd
Maybe irrelevant, but the log says:
E [05/Nov/2004:14:31:45 -0800] Bad request line "^V^C^A" from localhost!
E [05/Nov/2004:14:31:45 -0800] Bad request line "^V^C" from localhost!
I [05/Nov/2004:14:32:08 -0800] Started
I [05/Nov/2004:14:32:12 -0800] Started
I [05/Nov/2004:14:32:13 -0800] Started
E [05/Nov/2004:14:32:20 -0800] Bad URI "c:\boot.ini" in request!
E [05/Nov/2004:14:32:22 -0800] Bad request line "Secure *
E [05/Nov/2004:14:32:24 -0800] Bad URI
iframe%3E" in request!
E [05/Nov/2004:14:32:25 -0800] Bad operation "get"!
E [05/Nov/2004:14:32:25 -0800] Bad URI "HTTP/1.1" in request!
This was actually fixed by FEDORA-2004-275.