Bug 168106 - CAN-2005-2874 Malformed HTTP Request URL denial of service
CAN-2005-2874 Malformed HTTP Request URL denial of service
Product: Fedora
Classification: Fedora
Component: cups (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
: Security
Depends On:
  Show dependency treegraph
Reported: 2005-09-12 10:47 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-10-25 07:48:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2005-09-12 10:47:51 EDT
+++ This bug was initially created as a clone of Bug #168072 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050909
Red Hat/1.0.6-1.4.2 Firefox/1.0.6

Description of problem:
Connecting to the CUPS daemon on port 631, and sending a http request "GET
/..\.." will cause the daemon to enter a tight loop, and eat up all available CPU.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. telnet example.com 631
2. type "GET /..\.." followed by enter twice
3. denial of service

Actual Results:  denial of service, cups daemon eating up 100% CPU

Expected Results:  graceful handling of malformed http request

Additional info:

Security Tracker advisory: http://securitytracker.com/id?1012811
Exploit: http://www.securiteam.com/exploits/5WP021PGUW.html
CUPS Release Notes from fixed version: http://www.cups.org/relnotes.php#010123
CUPS bug: http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042
Comment 1 Fedora Update System 2005-09-22 12:25:02 EDT
From User-Agent: XML-RPC

cups-1.1.22-0.rc1.8.7 has been pushed for FC3, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 2 Mark J. Cox 2005-10-25 07:48:15 EDT
        CAN-2005-2874 Affects: FC3 [#168106:ASSIGNED] -> FEDORA-2005-908

Note You need to log in before you can comment on or make changes to this bug.