CUPS cupsd Request Method Remote Denial of Service Vulnerability


Published: 2003-05-20
Updated: 2003-06-17
Severity:
Threat level: Remote denial of service
Error type: Design error
Exploitation mode: Server mode

BUGTRAQ ID:7637
CVE(CAN) ID:CAN-2003-0195

Affected Systems
Easy Software Products CUPS 1.1.6
   + Caldera OpenLinux Server 3.1
   + Caldera OpenLinux Workstation 3.1
   + MandrakeSoft Linux Mandrake 8.0
   + MandrakeSoft Linux Mandrake 8.0 ppc
   + S.u.S.E. Linux 7.1 alpha
   + S.u.S.E. Linux 7.1 ppc
   + S.u.S.E. Linux 7.1 sparc
   + S.u.S.E. Linux 7.1 x86
   + S.u.S.E. Linux 7.2 i386
Easy Software Products CUPS 1.1.10
   + Caldera OpenLinux Server 3.1.1
   + Caldera OpenLinux Workstation 3.1.1
   + Conectiva Linux 6.0
   + Conectiva Linux 7.0
   + MandrakeSoft Linux Mandrake 8.1
   + MandrakeSoft Linux Mandrake 8.1 ia64
   + S.u.S.E. Linux 7.3 i386
   + S.u.S.E. Linux 7.3 ppc
   + S.u.S.E. Linux 7.3 sparc
Easy Software Products CUPS 1.1.12
   + S.u.S.E. Linux 8.0
   + S.u.S.E. Linux 8.0 i386
Easy Software Products CUPS 1.1.15
   + S.u.S.E. Linux 8.1
Easy Software Products CUPS 1.1.17
Easy Software Products CUPS 1.1.18
   + S.u.S.E. Linux 8.2
MandrakeSoft Corporate Server 2.1
MandrakeSoft Linux Mandrake 8.2 ppc
MandrakeSoft Linux Mandrake 8.2
MandrakeSoft Linux Mandrake 9.0
MandrakeSoft Linux Mandrake 9.1 ppc
MandrakeSoft Linux Mandrake 9.1
MandrakeSoft Multi Network Firewall 8.2
RedHat Linux 7.3 i386
RedHat Linux 8.0 i386
RedHat Linux 9.0 i386
Slackware Linux -current
Slackware Linux 8.1
Slackware Linux 9.0
Terra Soft Solutions Yellow Dog Linux 3.0
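Description
CUPS is a print spooler; it is the default print spooler in Red Hat 9.

Phil D'Amore discovered a vulnerability in the CUPS IPP (Internet Printing Protocol) implementation. The IPP implementation is single-threaded and accepts only one request at a time. An attacker can submit a request without a timeout being set, which causes a denial of service: CUPS refuses requests from any other user.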
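
The failure mode described above, and the timeout that bounds it, as an added example (not CUPS code and not the vendor patch): a single-threaded server that reads a request header under a total deadline, so a client that stalls mid-request is dropped instead of blocking everyone else. The names `read_header_with_deadline` and `demo_client` and the sample request bytes are hypothetical and constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}
/* Hypothetical helper. Returns 1 = full header received, 0 = deadline
 * expired (caller closes the client), -1 = peer closed, error or oversize. */
int read_header_with_deadline(int fd, char *buf, size_t cap, int deadline_ms) {
    size_t used = 0;
    long end = now_ms() + deadline_ms;      /* budget for the WHOLE header */
    while (used + 1 < cap) {
        long left = end - now_ms();
        if (left <= 0) return 0;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)left);     /* never block past the deadline */
        if (r == 0) return 0;               /* stalled client: free the loop */
        if (r < 0) return -1;
        ssize_t n = read(fd, buf + used, cap - 1 - used);
        if (n <= 0) return -1;
        used += (size_t)n;
        buf[used] = '\0';
        if (strstr(buf, "\r\n\r\n")) return 1;   /* blank line ends header */
    }
    return -1;
}
/* Constructed client: sends `bytes` once and then goes silent. */
int demo_client(const char *bytes, int deadline_ms) {
    int sv[2], rc = -2;
    char buf[256];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
    if (write(sv[1], bytes, strlen(bytes)) >= 0)
        rc = read_header_with_deadline(sv[0], buf, sizeof buf, deadline_ms);
    close(sv[0]); close(sv[1]);
    return rc;
}
int main(void) {
    printf("stalled: %d\n", demo_client("POST /printers/test HTTP/1.1\r\nHost: x\r\n", 200));
    printf("complete: %d\n", demo_client("POST /printers/test HTTP/1.1\r\nHost: x\r\n\r\n", 200));
    return 0;
}
```

A plain blocking `read()` in place of the `poll()` call would leave the server waiting on the stalled client indefinitely, which is the condition the advisory describes.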

Test Code
None available

Solution
Patch downloads:

Easy Software Products CUPS 1.1.6:

S.u.S.E. Upgrade cups-1.1.6-128.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/cups-1.1.6-128.src.rpm
SuSE-7.2

S.u.S.E. Upgrade cups-1.1.6-128.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/cups-1.1.6-128.i386.rpm
SuSE-7.2

S.u.S.E. Upgrade cups-devel-1.1.6-128.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/d3/cups-devel-1.1.6-128.i386.rpm
SuSE-7.2

Easy Software Products CUPS 1.1.10:

S.u.S.E. Upgrade cups-1.1.10-50.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/cups-1.1.10-50.sparc.rpm
SuSE-7.3 Sparc

S.u.S.E. Upgrade cups-1.1.10-50.src.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/cups-1.1.10-50.src.rpm
SuSE-7.3 Sparc

S.u.S.E. Upgrade cups-1.1.10-88.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/cups-1.1.10-88.ppc.rpm
SuSE-7.3 PPC

S.u.S.E. Upgrade cups-1.1.10-88.src.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/cups-1.1.10-88.src.rpm
SuSE-7.3 PPC

S.u.S.E. Upgrade cups-1.1.10-99.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/cups-1.1.10-99.src.rpm
SuSE-7.3

S.u.S.E. Upgrade cups-client-1.1.10-50.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/cups-client-1.1.10-50.sparc.rpm
SuSE-7.3 Sparc

S.u.S.E. Upgrade cups-client-1.1.10-99.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/cups-client-1.1.10-99.i386.rpm
SuSE-7.3

S.u.S.E. Upgrade cups-devel-1.1.10-50.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d3/cups-devel-1.1.10-50.sparc.rpm
SuSE-7.3 Sparc

S.u.S.E. Upgrade cups-devel-1.1.10-88.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/d3/cups-devel-1.1.10-88.ppc.rpm
SuSE-7.3 PPC

S.u.S.E. Upgrade cups-devel-1.1.10-99.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d3/cups-devel-1.1.10-99.i386.rpm
SuSE-7.3

S.u.S.E. Upgrade cups-libs-1.1.10-50.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/cups-libs-1.1.10-50.sparc.rpm
SuSE-7.3 Sparc

S.u.S.E. Upgrade cups-libs-1.1.10-88.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/cups-libs-1.1.10-88.ppc.rpm
SuSE-7.3 PPC

S.u.S.E. Upgrade cups-libs-1.1.10-99.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/cups-libs-1.1.10-99.i386.rpm
SuSE-7.3

Easy Software Products CUPS 1.1.12:

S.u.S.E. Upgrade cups-1.1.12-95.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/cups-1.1.12-95.i386.patch.rpm
SuSE-8.0

S.u.S.E. Upgrade cups-1.1.12-95.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/cups-1.1.12-95.i386.rpm
SuSE-8.0

S.u.S.E. Upgrade cups-1.1.12-95.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/cups-1.1.12-95.src.rpm
SuSE-8.0

S.u.S.E. Upgrade cups-client-1.1.12-95.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/cups-client-1.1.12-95.i386.patch.rpm
SuSE-8.0

S.u.S.E. Upgrade cups-client-1.1.12-95.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/cups-client-1.1.12-95.i386.rpm
SuSE-8.0

S.u.S.E. Upgrade cups-devel-1.1.12-95.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/cups-devel-1.1.12-95.i386.patch.rpm
SuSE-8.0

S.u.S.E. Upgrade cups-devel-1.1.12-95.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/cups-devel-1.1.12-95.i386.rpm
SuSE-8.0

S.u.S.E. Upgrade cups-libs-1.1.12-95.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/cups-libs-1.1.12-95.i386.patch.rpm
SuSE-8.0

S.u.S.E. Upgrade cups-libs-1.1.12-95.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/cups-libs-1.1.12-95.i386.rpm
SuSE-8.0

Easy Software Products CUPS 1.1.15:

S.u.S.E. Upgrade cups-1.1.15-98.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-1.1.15-98.i586.patch.rpm
SuSE-8.1

S.u.S.E. Upgrade cups-1.1.15-98.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-1.1.15-98.i586.rpm
SuSE-8.1

S.u.S.E. Upgrade cups-1.1.15-98.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/cups-1.1.15-98.src.rpm
SuSE-8.1

S.u.S.E. Upgrade cups-client-1.1.15-98.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-client-1.1.15-98.i586.patch.rpm
SuSE-8.1

S.u.S.E. Upgrade cups-client-1.1.15-98.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-client-1.1.15-98.i586.rpm
SuSE-8.1

S.u.S.E. Upgrade cups-devel-1.1.15-98.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-devel-1.1.15-98.i586.patch.rpm
SuSE-8.1

S.u.S.E. Upgrade cups-devel-1.1.15-98.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-devel-1.1.15-98.i586.rpm
SuSE-8.1

S.u.S.E. Upgrade cups-libs-1.1.15-98.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-libs-1.1.15-98.i586.patch.rpm
SuSE-8.1

S.u.S.E. Upgrade cups-libs-1.1.15-98.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-libs-1.1.15-98.i586.rpm
SuSE-8.1

Easy Software Products CUPS 1.1.18:

Easy Software Products Patch cups-1.1.18-str75.patchv2
http://www.cups.org/strfiles/75/cups-1.1.18-str75.patchv2

S.u.S.E. Upgrade cups-1.1.18-77.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cups-1.1.18-77.i586.patch.rpm
SuSE-8.2

S.u.S.E. Upgrade cups-1.1.18-77.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cups-1.1.18-77.i586.rpm
SuSE-8.2

S.u.S.E. Upgrade cups-1.1.18-77.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/cups-1.1.18-77.src.rpm
SuSE-8.2

S.u.S.E. Upgrade cups-client-1.1.18-77.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cups-client-1.1.18-77.i586.patch.rpm
SuSE-8.2

S.u.S.E. Upgrade cups-client-1.1.18-77.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cups-client-1.1.18-77.i586.rpm
SuSE-8.2

S.u.S.E. Upgrade cups-devel-1.1.18-77.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cups-devel-1.1.18-77.i586.patch.rpm
SuSE-8.2

S.u.S.E. Upgrade cups-devel-1.1.18-77.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cups-devel-1.1.18-77.i586.rpm
SuSE-8.2

S.u.S.E. Upgrade cups-libs-1.1.18-77.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cups-libs-1.1.18-77.i586.patch.rpm
SuSE-8.2

S.u.S.E. Upgrade cups-libs-1.1.18-77.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cups-libs-1.1.18-77.i586.rpm
SuSE-8.2

RedHat Linux 7.3 i386:

RedHat RPM cups-1.1.14-15.4.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/cups-1.1.14-15.4.i386.rpm

RedHat RPM cups-devel-1.1.14-15.4.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/cups-devel-1.1.14-15.4.i386.rpm

RedHat RPM cups-libs-1.1.14-15.4.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/cups-libs-1.1.14-15.4.i386.rpm

RedHat Linux 8.0 i386:

RedHat RPM cups-1.1.17-0.7.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/cups-1.1.17-0.7.i386.rpm

RedHat RPM cups-devel-1.1.17-0.7.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/cups-devel-1.1.17-0.7.i386.rpm

RedHat RPM cups-libs-1.1.17-0.7.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/cups-libs-1.1.17-0.7.i386.rpm

RedHat Linux 9.0 i386:

RedHat RPM cups-1.1.17-13.3.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/cups-1.1.17-13.3.i386.rpm

RedHat RPM cups-devel-1.1.17-13.3.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/cups-devel-1.1.17-13.3.i386.rpm

RedHat RPM cups-libs-1.1.17-13.3.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/cups-libs-1.1.17-13.3.i386.rpm

Slackware Linux -current:

Slackware Upgrade cups-1.1.19-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/cups-1.1.19/cups-1.1.19-i486-1.tgz

Slackware Linux 8.1:

Slackware Upgrade cups-1.1.19-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cups-1.1.19-i386-1.tgz

Slackware Linux 9.0:

Slackware Upgrade cups-1.1.19-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cups-1.1.19-i386-1.tgz

Terra Soft Solutions Yellow Dog Linux 3.0:

Terra Soft Solutions Patch cups-1.1.17-13.3.ppc.rpm
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/cups-1.1.17-13.3.ppc.rpm

Terra Soft Solutions Patch cups-devel-1.1.17-13.3.ppc.rpm
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/cups-devel-1.1.17-13.3.ppc.rpm

Terra Soft Solutions Patch cups-libs-1.1.17-13.3.ppc.rpm
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/cups-libs-1.1.17-13.3.ppc.rpm

Related Information
References: http://www.securityfocus.com/advisories/5489
http://www.securityfocus.com/advisories/5478
http://www.securityfocus.com/advisories/5424
http://www.securityfocus.com/advisories/5413
http://www.securityfocus.com/advisories/5423
http://www.securityfocus.com/advisories/5453
http://www.securityfocus.com/advisories/5398
http://www.securityfocus.com/advisories/5445