Bug 168072 - CAN-2005-2874 Malformed HTTP Request URL denial of service
CAN-2005-2874 Malformed HTTP Request URL denial of service
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: cups (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
: Security
Depends On:
  Show dependency treegraph
Reported: 2005-09-12 01:51 EDT by Richard Harman
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2005-772
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-27 07:52:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Richard Harman 2005-09-12 01:51:19 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050909 Red Hat/1.0.6-1.4.2 Firefox/1.0.6

Description of problem:
Connecting to the CUPS daemon on port 631, and sending a http request "GET /..\.." will cause the daemon to enter a tight loop, and eat up all available CPU.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. telnet example.com 631
2. type "GET /..\.." followed by enter twice
3. denial of service

Actual Results:  denial of service, cups daemon eating up 100% CPU

Expected Results:  graceful handling of malformed http request

Additional info:

Security Tracker advisory: http://securitytracker.com/id?1012811
Exploit: http://www.securiteam.com/exploits/5WP021PGUW.html
CUPS Release Notes from fixed version: http://www.cups.org/relnotes.php#010123
CUPS bug: http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042
Comment 1 Richard Harman 2005-09-12 01:54:56 EDT
This bug is fixed in CVS, and in the 1.1.23 release of CUPS.
Comment 5 Richard Harman 2005-09-14 21:52:07 EDT
OSVDB advisory: http://www.osvdb.org/12834

NVE Advisory:  http://nvd.nist.gov/nvd.cfm?cvename=CAN-2005-2874 (contains
inaccurate information, will update via US-CERT/NVE tomorrow morning)

Correct affected version info: 
    * Easy Software Products CUPS 1.1.21
    * Easy Software Products CUPS 1.1.22x
    * Easy Software Products CUPS 1.1.23rc1
Comment 6 Red Hat Bugzilla 2005-09-27 07:52:30 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.