+++ This bug was initially created as a clone of Bug #168072 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050909 Red Hat/1.0.6-1.4.2 Firefox/1.0.6

Description of problem:
Connecting to the CUPS daemon on port 631, and sending a http request "GET /..\.." will cause the daemon to enter a tight loop, and eat up all available CPU.

Version-Release number of selected component (if applicable):
cups-1.1.22-0.rc1.9.7

How reproducible:
Always

Steps to Reproduce:
1. telnet example.com 631
2. type "GET /..\.." followed by enter twice
3. denial of service

Actual Results:
denial of service, cups daemon eating up 100% CPU

Expected Results:
graceful handling of malformed http request

Additional info:
Security Tracker advisory: http://securitytracker.com/id?1012811
Exploit: http://www.securiteam.com/exploits/5WP021PGUW.html
CUPS Release Notes from fixed version: http://www.cups.org/relnotes.php#010123
CUPS bug: http://www.cups.org/str.php?L1042+P0+S-1+C0+I0+E0+Q1042

From User-Agent: XML-RPC

cups-1.1.22-0.rc1.8.7 has been pushed for FC3, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.

CAN-2005-2874 Affects: FC3 [#168106:ASSIGNED] -> FEDORA-2005-908