RHEL 3 : cups (RHSA-2004:449)

Medium Nessus Plugin ID 14737


The remote Red Hat host is missing one or more security updates.


Updated cups packages that fix a denial of service vulnerability are now available.

The Common UNIX Printing System (CUPS) is a print spooler.

Alvaro Martinez Echevarria reported a bug in the CUPS Internet Printing Protocol (IPP) implementation in versions of CUPS prior to 1.1.21. An attacker could send a carefully crafted UDP packet to the IPP port which could cause CUPS to stop listening to the port and result in a denial of service. In order to exploit this bug, an attacker would need to have the ability to send a UDP packet to the IPP port (by default 631). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0558 to this issue.

All users of cups should upgrade to these updated packages, which contain a backported patch as well as a fix for a non-exploitable off-by-one bug.


Update the affected cups, cups-devel and / or cups-libs packages.

See Also




Plugin Details

Severity: Medium

ID: 14737

File Name: redhat-RHSA-2004-449.nasl

Version: $Revision: 1.20 $

Type: local

Agent: unix

Published: 2004/09/15

Modified: 2016/12/28

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:cups, p-cpe:/a:redhat:enterprise_linux:cups-devel, p-cpe:/a:redhat:enterprise_linux:cups-libs, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2004/09/15

Vulnerability Publication Date: 2004/09/16

Reference Information

CVE: CVE-2004-0558

OSVDB: 9995

RHSA: 2004:449