Cups Internet Printing Protocol Job循环拒绝服务漏洞

Cups Internet Printing Protocol Job循环拒绝服务漏洞

发布时间：2003-11-04
更新时间：2003-11-04
严重程度：中
威胁程度：远程拒绝服务
错误类型：意外情况处置错误
利用方式：服务器模式

BUGTRAQ ID：8952
CVE(CAN) ID：CAN-2003-0788

受影响系统

    Easy Software Products CUPS 1.0.4 -8
       + Debian Linux 2.2
    Easy Software Products CUPS 1.0.4
       + Debian Linux 2.2
    Easy Software Products CUPS 1.1.1
       + RedHat PowerTools 7.0
    Easy Software Products CUPS 1.1.4 -5
    Easy Software Products CUPS 1.1.4 -3
       + MandrakeSoft Linux Mandrake 7.2
    Easy Software Products CUPS 1.1.4 -2
       + Debian Linux 2.3
    Easy Software Products CUPS 1.1.4
       + Debian Linux 2.3
       + MandrakeSoft Linux Mandrake 7.2
    Easy Software Products CUPS 1.1.6
       + Caldera OpenLinux Server 3.1
       + Caldera OpenLinux Workstation 3.1
       + MandrakeSoft Linux Mandrake 8.0
       + MandrakeSoft Linux Mandrake 8.0 ppc
       + S.u.S.E. Linux 7.1 alpha
       + S.u.S.E. Linux 7.1 ppc
       + S.u.S.E. Linux 7.1 sparc
       + S.u.S.E. Linux 7.1 x86
       + S.u.S.E. Linux 7.2 i386
    Easy Software Products CUPS 1.1.7
    Easy Software Products CUPS 1.1.10
       + Caldera OpenLinux Server 3.1.1
       + Caldera OpenLinux Workstation 3.1.1
       + Conectiva Linux 6.0
       + Conectiva Linux 7.0
       + MandrakeSoft Linux Mandrake 8.1
       + MandrakeSoft Linux Mandrake 8.1 ia64
       + S.u.S.E. Linux 7.3 i386
       + S.u.S.E. Linux 7.3 ppc
       + S.u.S.E. Linux 7.3 sparc
    Easy Software Products CUPS 1.1.12
       + S.u.S.E. Linux 8.0
       + S.u.S.E. Linux 8.0 i386
    Easy Software Products CUPS 1.1.13
    Easy Software Products CUPS 1.1.14
       + Conectiva Linux 8.0
       + Debian Linux 3.0
       + Debian Linux 3.0 alpha
       + Debian Linux 3.0 arm
       + Debian Linux 3.0 hppa
       + Debian Linux 3.0 ia-32
       + Debian Linux 3.0 ia-64
       + Debian Linux 3.0 m68k
       + Debian Linux 3.0 mips
       + Debian Linux 3.0 mipsel
       + Debian Linux 3.0 ppc
       + Debian Linux 3.0 s/390
       + Debian Linux 3.0 sparc
       + MandrakeSoft Linux Mandrake 8.2
       + MandrakeSoft Linux Mandrake 8.2 ppc
    Easy Software Products CUPS 1.1.15
       + Conectiva Linux Enterprise Edition 1.0
       + S.u.S.E. Linux 8.1
    Easy Software Products CUPS 1.1.16
       + MandrakeSoft Linux Mandrake 9.0
    Easy Software Products CUPS 1.1.17
    Easy Software Products CUPS 1.1.18
       + Conectiva Linux 9.0
       + MandrakeSoft Corporate Server 2.1
       + MandrakeSoft Linux Mandrake 9.0
       + S.u.S.E. Linux 8.2
    TurboLinux TurboLinux 8.0 Workstation
    TurboLinux TurboLinux 8.0 Server

未影响系统

    Easy Software Products CUPS 1.1.19

详细描述
CUPS协议实现上存在漏洞，提交恶意作业到IPP端口631，可导致拒绝服务攻击，没有详细资料提供。

解决方案
补丁下载：

Easy Software Products CUPS 1.1.10:

Conectiva Upgrade cups-drivers-1.0-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-drivers-1.0-3U70_1cl.i386.rpm
Update for Conectiva Linux 7.0.

Conectiva Upgrade cups-1.1.14-1U70_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-1.1.14-1U70_5cl.i386.rpm
Update for Conectiva Linux 7.0.

Conectiva Upgrade cups-devel-1.1.14-1U70_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-devel-1.1.14-1U70_5cl.i386.rpm
Update for Conectiva Linux 7.0.

Conectiva Upgrade cups-doc-1.1.14-1U70_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-doc-1.1.14-1U70_5cl.i386.rpm
Update for Conectiva Linux 7.0.

Conectiva Upgrade cups-libs-1.1.14-1U70_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-libs-1.1.14-1U70_5cl.i386.rpm
Update for Conectiva Linux 7.0.

Conectiva Upgrade cups-devel-static-1.1.14-1U70_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-devel-static-1.1.14-1U70_5cl.i386.rpm
Update for Conectiva Linux 7.0.

Easy Software Products CUPS 1.1.14:

Conectiva Upgrade cups-1.1.14-2U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/cups-1.1.14-2U80_5cl.i386.rpm
Update for Conectiva Linux 8.0.

Conectiva Upgrade cups-devel-1.1.14-2U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/cups-devel-1.1.14-2U80_5cl.i386.rpm
Update for Conectiva Linux 8.0.

Conectiva Upgrade cups-devel-static-1.1.14-2U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/cups-devel-static-1.1.14-2U80_5cl.i386.rpm
Update for Conectiva Linux 8.0.

Conectiva Upgrade cups-doc-1.1.14-2U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/cups-doc-1.1.14-2U80_5cl.i386.rpm
Update for Conectiva Linux 8.0.

Conectiva Upgrade cups-libs-1.1.14-2U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/cups-libs-1.1.14-2U80_5cl.i386.rpm
Update for Conectiva Linux 8.0.

Easy Software Products CUPS 1.1.15:

Conectiva Upgrade cups-1.1.15-132.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/cups-1.1.15-132.i586.rpm

Conectiva Upgrade cups-client-1.1.15-132.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/cups-client-1.1.15-132.i586.rpm

Conectiva Upgrade cups-devel-1.1.15-132.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/cups-devel-1.1.15-132.i586.rpm

Conectiva Upgrade cups-libs-1.1.15-132.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/cups-libs-1.1.15-132.i586.rpm

Easy Software Products CUPS 1.1.18:

Mandrake Upgrade cups-1.1.18-2.2.C21mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.

Mandrake Upgrade cups-common-1.1.18-2.2.C21mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.

Mandrake Upgrade cups-serial-1.1.18-2.2.C21mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.

Mandrake Upgrade libcups1-1.1.18-2.2.C21mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.

Mandrake Upgrade libcups1-devel-1.1.18-2.2.C21mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.

Mandrake Upgrade cups-1.1.18-2.2.C21mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1/x86_64.

Mandrake Upgrade cups-common-1.1.18-2.2.C21mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1/x86_64.

Mandrake Upgrade cups-serial-1.1.18-2.2.C21mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1/x86_64.

Mandrake Upgrade libcups1-1.1.18-2.2.C21mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1/x86_64.

Mandrake Upgrade libcups1-devel-1.1.18-2.2.C21mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1/x86_64.

Mandrake Upgrade cups-1.1.18-2.2.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.

Mandrake Upgrade cups-common-1.1.18-2.2.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.

Mandrake Upgrade cups-serial-1.1.18-2.2.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.

Mandrake Upgrade libcups1-1.1.18-2.2.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.

Mandrake Upgrade libcups1-devel-1.1.18-2.2.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.

Conectiva Upgrade cups-1.1.18-29091U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/cups-1.1.18-29091U90_2cl.i386.rpm
Update for Conectiva Linux 9.0.

Conectiva Upgrade cups-devel-1.1.18-29091U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/cups-devel-1.1.18-29091U90_2cl.i386.rpm
Update for Conectiva Linux 9.0.

Conectiva Upgrade cups-devel-static-1.1.18-29091U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/cups-devel-static-1.1.18-29091U90_2cl.i386.rpm
Update for Conectiva Linux 9.0.

Conectiva Upgrade cups-doc-1.1.18-29091U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/cups-doc-1.1.18-29091U90_2cl.i386.rpm
Update for Conectiva Linux 9.0.

Conectiva Upgrade cups-libs-1.1.18-29091U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/cups-libs-1.1.18-29091U90_2cl.i386.rpm
Update for Conectiva Linux 9.0.

TurboLinux TurboLinux 8.0 Workstation:

TurboLinux Upgrade cups-1.1.19-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cups-1.1.19-11.i586.rpm

TurboLinux Upgrade cups-devel-1.1.19-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cups-devel-1.1.19-11.i586.rpm

TurboLinux Upgrade cups-libs-1.1.19-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/cups-libs-1.1.19-11.i586.rpm

TurboLinux TurboLinux 8.0 Server:

TurboLinux Upgrade cups-1.1.19-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-1.1.19-11.i586.rpm

TurboLinux Upgrade cups-devel-1.1.19-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-devel-1.1.19-11.i586.rpm

TurboLinux Upgrade cups-libs-1.1.19-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/cups-libs-1.1.19-11.i586.rpm

相关信息
Paul Mitcheson
参考：http://www.securityfocus.com/advisories/6015
http://www.securityfocus.com/advisories/6035
http://www.securityfocus.com/advisories/6031
http://www.securityfocus.com/advisories/6111