Bug 130646 - CAN-2004-0558 DOS in cups browsing
CAN-2004-0558 DOS in cups browsing
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: cups (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-23 09:17 EDT by Josh Bressers
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-11-09 04:54:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2004-08-23 09:17:55 EDT
A denial of service issue has been found in CUPS browsing.

The CUPS BTS has decent information.
http://www.cups.org/str.php?L863

This issue is supposed to be fixed in the release candidate which is
to go out on 20040824
Comment 1 Josh Bressers 2004-08-23 09:26:42 EDT
This issue should also affect FC1
Comment 2 Tim Waugh 2004-08-23 09:33:29 EDT
So is this embargoed, or do we just need to get packages out as soon
after 1.1.21rc2 as possible?

Do we know what upstream patch has been applied?  The STR attachment
was rejected by Mike Sweet wasn't it?
Comment 3 Tim Waugh 2004-08-23 09:34:22 EDT
This affects:

Red Hat Enterprise Linux 3
Fedora Core 1
Fedora Core 2
Comment 4 Josh Bressers 2004-09-03 11:16:44 EDT
This issue is embargoed until Sep 06.
Comment 5 Josh Bressers 2004-09-15 10:04:56 EDT
Removing embargo
Comment 6 don 2004-11-05 17:59:29 EST
Not sure if this is the same issue but fc3test3's cupsd loads the cpu
after being scanned with nessus 2.2.0.

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND 
         
 2195 root      25   0  7812 2124 6152 R 96.8  0.8  27:14.96 cupsd   
          

Maybe irrelevant but log says:

E [05/Nov/2004:14:31:45 -0800] Bad request line "^V^C^A" from localhost!
E [05/Nov/2004:14:31:45 -0800] Bad request line "^V^C" from localhost!
I [05/Nov/2004:14:32:08 -0800] Started
"/usr/lib/cups/cgi-bin/classes.cgi" (pid=
3620)
I [05/Nov/2004:14:32:12 -0800] Started
"/usr/lib/cups/cgi-bin/jobs.cgi" (pid=362
3)
I [05/Nov/2004:14:32:13 -0800] Started
"/usr/lib/cups/cgi-bin/printers.cgi" (pid
=3624)
E [05/Nov/2004:14:32:20 -0800] Bad URI "c:\boot.ini" in request!
E [05/Nov/2004:14:32:22 -0800] Bad request line "Secure *
Secure-HTTP/1.4" from 
localhost!
E [05/Nov/2004:14:32:24 -0800] Bad URI
"?osCsid=%22%3E%3Ciframe%20src=foo%3E%3C/
iframe%3E" in request!
E [05/Nov/2004:14:32:25 -0800] Bad operation "get"!
E [05/Nov/2004:14:32:25 -0800] Bad URI "HTTP/1.1" in request!
Comment 7 Mark J. Cox (Product Security) 2004-11-09 04:54:22 EST
This was actually fixed by FEDORA-2004-275

Note You need to log in before you can comment on or make changes to this bug.