| VID |
23106 |
| Severity |
20 |
| Port |
631 |
| Protocol |
TCP |
| Class |
CUPS |
| Detailed Description |
According to its banner, the CUPS server has a denial-of-service vulnerability that is triggered by an empty UDP datagram. Easy Software Products' Common UNIX Printing System (CUPS) is a cross-platform printing solution for UNIX environments that is based on the Internet Printing Protocol (IPP). CUPS has a web-based graphical interface for printer management and is available on most Linux systems. CUPS versions prior to 1.1.21 are vulnerable to a limited type of denial-of-service attack: by sending an empty UDP datagram to the affected CUPS server, a remote attacker could cause a denial of service.
* Note: This check relies solely on the banner of the remote CUPS server to assess this vulnerability, so the finding might be a false positive.
* References: http://www.osvdb.org/9995 http://www.ciac.org/ciac/bulletins/p-002.shtml http://www.ciac.org/ciac/bulletins/p-004.shtml
* Platforms Affected: Easy Software Products CUPS, versions prior to 1.1.21; Linux, any version; Unix, any version |
| Recommendation |
Upgrade to the latest version of CUPS (1.1.21 or later), available from the CUPS Software Web site at http://www.cups.org/software.php
For Mac OS X and Mac OS X Server 10.3.5: Apply Security Update 2004-09-30, available from the AppleCare Knowledge Base Document 61798 at http://docs.info.apple.com/article.html?artnum=61798
For Red Hat Desktop and Red Hat Enterprise Linux AS, ES and WS: Upgrade to the latest cups package (1.1.17-13.3.13 or later), available from the Red Hat Security Advisory RHSA-2004:449-17 at https://rhn.redhat.com/errata/RHSA-2004-449.html
For Mandrake Linux: Upgrade to the latest cups package, as listed in MandrakeSoft Security Advisory MDKSA-2004:097 at http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:097
For Debian GNU/Linux 3.0 (alias woody): Upgrade to the latest cupsys package (1.1.14-5woody6 or later), as listed in Debian Security Advisory DSA-545-1 at http://www.debian.org/security/2004/dsa-545
For SuSE Linux: Upgrade to the latest cups package, as listed in SuSE Security Announcement SUSE-SA:2004:031 at http://www.suse.de/de/security/2004_31_cups.html
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2004-0558 (CVE) |
| Related URL |
11183,11322 (SecurityFocus) |
| Related URL |
17389 (ISS) |
|