Rapid7 Vulnerability & Exploit Database

RHSA-2003:171: Updated CUPS packages fix denial of service attack


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 06/16/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated CUPS packages that fix a denial of service vulnerability are now available.

CUPS is a print spooler. CUPS is used as the default print spooler on new installations of Red Hat Linux 9, and has been provided (though not as the default) for Red Hat Linux 7.3 and Red Hat Linux 8.0.

Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP (Internet Printing Protocol) implementation. The IPP implementation is single-threaded, which means only one request can be serviced at a time. An attacker could make a partial request that does not time out and therefore creates a denial of service. In order to exploit this bug, an attacker must have the ability to make a TCP connection to the IPP port (by default 631).

All print servers using CUPS should upgrade to these erratum packages, which contain a patch and are not vulnerable to this issue.
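As an added illustration (not code from CUPS, from the erratum patch, or from this page, which does not say how the patch works), the following C example shows one common defense against the stalled partial request described above: a single overall deadline on reading the request headers, so an unfinished request cannot hold a single-threaded server indefinitely. The function names, the 200 ms budget and the sample request are assumptions constructed for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

#define REQ_TIMEOUT (-1L) /* header block not completed before the deadline */
#define REQ_ERROR   (-2L) /* peer closed, I/O error, or buffer full */

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}
/* Read until the blank line that ends the HTTP-style header block carrying an
 * IPP request. budget_ms covers the whole block, so a peer that stalls or
 * trickles bytes cannot extend it. Returns bytes read or a REQ_* code. */
long read_headers(int fd, char *buf, size_t cap, long budget_ms) {
    size_t used = 0;
    long deadline = now_ms() + budget_ms;
    while (used + 1 < cap) {
        long left = deadline - now_ms();
        if (left <= 0) return REQ_TIMEOUT;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)left);
        if (r <= 0) return r == 0 ? REQ_TIMEOUT : REQ_ERROR;
        ssize_t n = read(fd, buf + used, cap - 1 - used);
        if (n <= 0) return REQ_ERROR;
        used += (size_t)n;
        buf[used] = '\0';
        if (strstr(buf, "\r\n\r\n")) return (long)used;
    }
    return REQ_ERROR;
}
/* Constructed demo: a local socketpair stands in for a client connection. */
long demo(const char *sent, long budget_ms) {
    int sv[2];
    char buf[512];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return REQ_ERROR;
    ssize_t w = write(sv[1], sent, strlen(sent));
    long r = w < 0 ? REQ_ERROR : read_headers(sv[0], buf, sizeof buf, budget_ms);
    close(sv[0]); close(sv[1]);
    return r;
}
int main(void) { /* constructed sample requests: unterminated vs. terminated */
    printf("%ld %ld\n", demo("POST / HTTP/1.1\r\n", 200), demo("POST / HTTP/1.1\r\n\r\n", 200));
    return 0;
}
```

On timeout the caller closes the connection and returns to accepting others; the deadline bounds how long any one client can occupy the server.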

Solution(s)

  • redhat-upgrade-cups
  • redhat-upgrade-cups-devel
  • redhat-upgrade-cups-libs
