Bug 130646 - CAN-2004-0558 DOS in cups browsing
Summary: CAN-2004-0558 DOS in cups browsing
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cups   
(Show other bugs)
Version: 2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-08-23 13:17 UTC by Josh Bressers
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-11-09 09:54:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Josh Bressers 2004-08-23 13:17:55 UTC
A denial of service issue has been found in CUPS browsing.

The CUPS BTS has decent information.
http://www.cups.org/str.php?L863

This issue is supposed to be fixed in the release candidate which is
to go out on 20040824

Comment 1 Josh Bressers 2004-08-23 13:26:42 UTC
This issue should also affect FC1

Comment 2 Tim Waugh 2004-08-23 13:33:29 UTC
So is this embargoed, or do we just need to get packages out as soon
after 1.1.21rc2 as possible?

Do we know what upstream patch has been applied?  The STR attachment
was rejected by Mike Sweet wasn't it?

Comment 3 Tim Waugh 2004-08-23 13:34:22 UTC
This affects:

Red Hat Enterprise Linux 3
Fedora Core 1
Fedora Core 2


Comment 4 Josh Bressers 2004-09-03 15:16:44 UTC
This issue is embargoed until Sep 06.

Comment 5 Josh Bressers 2004-09-15 14:04:56 UTC
Removing embargo

Comment 6 don 2004-11-05 22:59:29 UTC
Not sure if this is the same issue but fc3test3's cupsd loads the cpu
after being scanned with nessus 2.2.0.

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND 
         
 2195 root      25   0  7812 2124 6152 R 96.8  0.8  27:14.96 cupsd   
          

Maybe irrelevant but log says:

E [05/Nov/2004:14:31:45 -0800] Bad request line "^V^C^A" from localhost!
E [05/Nov/2004:14:31:45 -0800] Bad request line "^V^C" from localhost!
I [05/Nov/2004:14:32:08 -0800] Started
"/usr/lib/cups/cgi-bin/classes.cgi" (pid=
3620)
I [05/Nov/2004:14:32:12 -0800] Started
"/usr/lib/cups/cgi-bin/jobs.cgi" (pid=362
3)
I [05/Nov/2004:14:32:13 -0800] Started
"/usr/lib/cups/cgi-bin/printers.cgi" (pid
=3624)
E [05/Nov/2004:14:32:20 -0800] Bad URI "c:\boot.ini" in request!
E [05/Nov/2004:14:32:22 -0800] Bad request line "Secure *
Secure-HTTP/1.4" from 
localhost!
E [05/Nov/2004:14:32:24 -0800] Bad URI
"?osCsid=%22%3E%3Ciframe%20src=foo%3E%3C/
iframe%3E" in request!
E [05/Nov/2004:14:32:25 -0800] Bad operation "get"!
E [05/Nov/2004:14:32:25 -0800] Bad URI "HTTP/1.1" in request!


Comment 7 Mark J. Cox 2004-11-09 09:54:22 UTC
This was actually fixed by FEDORA-2004-275


Note You need to log in before you can comment on or make changes to this bug.