CUPS Incomplete SSL Negotiation Remote DoS

Medium Nessus Plugin ID 24901

Synopsis

The remote printer service is prone to a denial of service attack.

Description

The version of CUPS installed on the remote host suffers from a design flaw involving SSL auto-detection. By establishing a connection to a port on which the application attempts to auto-detect SSL and sending a single character, an unauthenticated, remote attacker can leverage this flaw to cause subsequent connections to hang until the first connection is closed.

Solution

Upgrade to CUPS version 1.2.7 or later.

See Also

http://www.cups.org/str.php?L2091+P0+S-2+C0+I0+E0+Q

http://www.cups.org/newsgroups.php?s25+gcups.announce+v30+T0

https://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

https://bugzilla.redhat.com/show_bug.cgi?id=232243

Plugin Details

Severity: Medium

ID: 24901

File Name: cups_ssl_negotiation_dos.nasl

Version: 1.20

Type: remote

Family: Misc.

Published: 2007/03/27

Updated: 2018/11/15

Dependencies: 10107

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2007/03/15

Reference Information

CVE: CVE-2007-0720

BID: 23127