aru Posted May 29, 2003 Report Share Posted May 29, 2003 MandrakeSoft Security Advisory MDKSA-2003:062 : cups May 29th, 2003 Updated cups packages fix Denial of Service vulnerability A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default). This vulnerability has been fixed upstream in CUPS 1.1.19 and packages of previous versions have been fixed to correct the problem. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] 9.1 [*] 9.1/PPC [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:062 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0195 Posted automatically by aru (mdksec2mub v0.0.6) Link to comment Share on other sites More sharing options...
tyme Posted June 2, 2003 Report Share Posted June 2, 2003 ISS reference: http://www.iss.net/security_center/static/12080.php Link to comment Share on other sites More sharing options...
Recommended Posts