SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CUPS
Vendors:   Easy Software Products
(Fedora Issues Fix for FC2) CUPS Browsing Can Be Disabled By Remote Users
SecurityTracker Alert ID:  1011444
SecurityTracker URL:  http://securitytracker.com/id/1011444
CVE Reference:   CVE-2004-0558
Date:  Sep 28 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in the Common UNIX Printing System (CUPS). A remote user can disable browsing.

Debian reported that a remote user can send a specially crafted UDP packet containing illegal URL characters to cupsd on port 631 to cause denial of service conditions.

The flaw resides in 'scheduler/dirsvc.c'.

Alvaro Martinez Echevarria is credited with discovering and patching the flaw.

Impact:   A remote user can disable CUPS browsing.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

43053868e766009625ad430adfe935df SRPMS/cups-1.1.20-11.3.src.rpm
a17bc35fb4befa32cda3c01f003112fe x86_64/cups-1.1.20-11.3.x86_64.rpm
46d79527e7be77044d40bd596aa540c4 x86_64/cups-devel-1.1.20-11.3.x86_64.rpm
facb9f477e3b376fd326d4b8734ff953 x86_64/cups-libs-1.1.20-11.3.x86_64.rpm
5e3f80ee8e1a31a95ec0c6125ee4d977 x86_64/debug/cups-debuginfo-1.1.20-11.3.x86_64.rpm
93c3fd2f1a873f2aa2655552fc82c099 x86_64/cups-libs-1.1.20-11.3.i386.rpm
2a7235d7f9a4eaf807b1d8f390eb64e1 i386/cups-1.1.20-11.3.i386.rpm
99886d980b9782bc6f95fb5c4459b2e1 i386/cups-devel-1.1.20-11.3.i386.rpm
93c3fd2f1a873f2aa2655552fc82c099 i386/cups-libs-1.1.20-11.3.i386.rpm
8dbf2a8c61067a7765efc6b6e1574fa8 i386/debug/cups-debuginfo-1.1.20-11.3.i386.rpm

Vendor URL:  www.cups.org/
Cause:   Exception handling error, Input validation error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC2

Message History:   This archive entry is a follow-up to the message listed below.
Sep 15 2004 CUPS Browsing Can Be Disabled By Remote Users



 Source Message Contents

Subject:  [SECURITY] Fedora Core 2 Update: cups-1.1.20-11.3



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-275
2004-09-28
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : cups
Version     : 1.1.20
Release     : 11.3
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

---------------------------------------------------------------------
Update Information:

This update fixes a denial of service problem causing loss of browse
services.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0558 to this issue.

In addition, this update fixes the cupsenable, cupsdisable and accept
commands.

---------------------------------------------------------------------
* Mon Aug 23 2004 Tim Waugh <twaugh@redhat.com> 1:1.1.20-11.3

- Apply patch to fix CAN-2004-0558 (bug #130646).

* Mon Aug 16 2004 Tim Waugh <twaugh@redhat.com> 1:1.1.20-11.2

- Fix cupsenable/cupsdisable/accept (bug #129864).
- Added version to LPRng obsoletes: tag (bug #128024).


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------



 
 



Copyright 2019, SecurityGlobal.net LLC