CUPS UDP packet denial of service

cups-udp-dos (17389) The risk level is classified as Low Risk

Description:

The Common Unix Printing System (CUPS) is vulnerable to a denial of service attack. By sending a specially-crafted UDP packet to the IPP port, a remote attacker could cause a denial of service.


Consequences:

Denial of Service

Remedy:

Upgrade to the latest version of CUPS (1.1.21 or later), available from the CUPS Web site. See References.

For Mac OS X and Mac OS X Server 10.3.5: Apply Security Update 2004-09-30, available from the AppleCare Knowledge Base Document 61798. See References.

For Red Hat Desktop and Red Hat Enterprise Linux AS, ES and WS:
Upgrade to the latest cups package (1.1.17-13.3.13 or later), as listed in RHSA-2004:449-17. See References.

For SuSE Linux:
Upgrade to the latest cups package, as listed below. Refer to SuSE Security Announcement SUSE-SA:2004:031 for more information. See References.

SuSE Linux 9.1: 1.1.20-108.8 or later
SuSE Linux 9.0: 1.1.19-93 or later
SuSE Linux 8.2: 1.1.18-96 or later
SuSE Linux 8.1: 1.1.15-170 or later

For Mandrake Linux:
Upgrade to the latest cups package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:097 : cups for more information. See References.

Mandrake Linux 9.2: 1.1.19-10.1.92mdk or later
Mandrake Linux Corporate Server 2.1: 1.1.18-2.3.C21mdk or later
Mandrake Linux 10.0: 1.1.20-5.1.100mdk or later

For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest cupsys package (1.1.14-5woody6 or later), as listed in DSA-545-1. See References.

For Trustix Secure Linux:
Upgrade to the latest cups package, as listed below. Refer to Trustix Secure Linux Security Advisory #2004-0047 for more information. See References.

Trustix Secure Linux 2.0: 1.1.19-7tr or later
Trustix Secure Linux 2.1 and Enterprise Server 2: 1.1.20-4tr or later

For Gentoo Linux:
Upgrade to the latest version of cups (1.1.20-r2 or later), as listed in GLSA 200409-25. See References.

For Slackware Linux:
Upgrade to the latest cups package, as listed below. Refer to slackware-security Mailing List, Wed, 22 Sep 2004 13:38:36 -0700 (PDT) for more information. See References.

Slackware Linux 9.1, 10 and -current: 1.1.21-i486 or later

For Sun JDS:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 57646 for more information. See References.

Linux:
Sun JDS 2003 and Release 2: 9321 or later

For SCO UnixWare 7.1.3up and UnixWare 7.1.4:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2004.15. See References.

For Conectiva Linux:
Upgrade to the latest cups package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:872 for more information. See References.

Conectiva Linux 10: 1.1.20-62425U10_4cl or later
Conectiva Linux 9: 1.1.18-29091U90_4cl or later

For TurboLinux:
Upgrade to the latest cups package, as listed below. Refer to TurboLinux Security Advisory TLSA-2004-33 for more information. See References.

TurboLinux Appliance Server 1.0 Hosting Edition: 1.1.19-17 or later
TurboLinux Appliance Server 1.0 Workgroup Edition: 1.1.19-17 or later
Turbolinux 10 Desktop: 1.1.19-15 or later
Turbolinux 10 F: 1.1.19-15 or later
Turbolinux Home: 1.1.19-15 or later
Turbolinux 8 Server: 1.1.19-15 or later
Turbolinux 8 Workstation: 1.1.19-15 or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Platforms Affected:

  • Apple Mac OS X 10.3.5
  • Apple Mac OS X Server 10.3.5
  • Conectiva Linux 10
  • Conectiva Linux 9.0
  • Debian Debian Linux 3.0
  • Easy Software Products CUPS prior to 1.1.21
  • Gentoo Linux
  • MandrakeSoft Mandrake Linux 10.0 AMD64
  • MandrakeSoft Mandrake Linux 10.0
  • MandrakeSoft Mandrake Linux 9.2 AMD64
  • MandrakeSoft Mandrake Linux 9.2
  • MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
  • RedHat Enterprise Linux 3 ES
  • RedHat Enterprise Linux 3 WS
  • RedHat Enterprise Linux 3 AS
  • RedHat Enterprise Linux 3 Desktop
  • SCO SCO UnixWare 7.1.3up
  • SCO SCO UnixWare 7.1.4
  • Slackware Slackware Linux 10.0
  • Slackware Slackware Linux 9.1
  • Slackware Slackware Linux current
  • Sun JDS 2003
  • Sun JDS Release 2
  • SuSE Linux Enterprise Server 8
  • SUSE SuSE Linux 8.1
  • SUSE SuSE Linux 8.2
  • SUSE SuSE Linux 9.0
  • SUSE SuSE Linux 9.1
  • SuSE SuSE Linux Desktop 1.0
  • SuSE SuSE SLES 9
  • Trustix Enterprise Server 2
  • Trustix Secure Linux 2.0
  • Trustix Secure Linux 2.1
  • Turbolinux Turbolinux 10 Desktop
  • Turbolinux Turbolinux 10 F...
  • Turbolinux Turbolinux 8 Server
  • Turbolinux Turbolinux 8 Workstation
  • Turbolinux Turbolinux Home
  • Turbolinux Turbolinux Appliance Server 1.0 Hosting Ed
  • Turbolinux Turbolinux Appliance Server 1.0 Workgroup Ed

Reported:

Sep 15, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
