CUPS Incomplete SSL Negotiation Remote DoS

Medium Nessus Plugin ID 24901


The remote printer service is prone to a denial of service attack.


The version of CUPS installed on the remote host suffers from a design flaw involving SSL auto-detection. By establishing a connection to a port on which the application attempts to auto-detect SSL and sending a single character, an unauthenticated, remote attacker can leverage this flaw to cause subsequent connections to hang until the first connection is closed.


Upgrade to CUPS version 1.2.7 or later.

Plugin Details

Severity: Medium

ID: 24901

File Name: cups_ssl_negotiation_dos.nasl

Version: 1.20

Type: remote

Family: Misc.

Published: 2007/03/27

Updated: 2018/11/15

Dependencies: 10107

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2007/03/15

Reference Information

CVE: CVE-2007-0720

BID: 23127