|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-25] CUPS: Denial of service vulnerability Vulnerability Scan
Vulnerability Scan Summary CUPS: Denial of service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-25
(CUPS: Denial of service vulnerability)
Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing
Protocol (IPP) implementation that allows remote attackers to cause CUPS to
stop listening on the IPP port.
Impact
A remote user with malicious intent can easily cause a denial of service to
the CUPS daemon by sending a specially-crafted UDP datagram packet to the
IPP port.
Workaround
There is no known workaround at this time.
References:
http://www.cups.org/str.php?L863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0558
Solution:
All CUPS users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-print/cups-1.1.20-r2"
# emerge ">=net-print/cups-1.1.20-r2"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|