Vulnerabilities > CVE-2004-0558 - Remote Denial Of Service vulnerability in CUPS UDP Packet
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | CUPS 1.1.x UDP Packet Remote Denial Of Service Vulnerability. CVE-2004-0558. Dos exploit for linux platform |
| id | EDB-ID:24599 |
| last seen | 2016-02-02 |
| modified | 2004-09-15 |
| published | 2004-09-15 |
| reporter | Alvaro Martinez Echevarria |
| source | https://www.exploit-db.com/download/24599/ |
| title | CUPS 1.1.x UDP Packet Remote Denial of Service Vulnerability |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-097.NASL description Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes. The updated packages are patched to protect against this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 14753 published 2004-09-16 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14753 title Mandrake Linux Security Advisory : cups (MDKSA-2004:097) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:097. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14753); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0558"); script_xref(name:"MDKSA", value:"2004:097"); script_name(english:"Mandrake Linux Security Advisory : cups (MDKSA-2004:097)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes. The updated packages are patched to protect against this vulnerability." ); script_set_attribute( attribute:"see_also", value:"http://www.cups.org/str.php?L863" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-serial"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"cups-1.1.20-5.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"cups-common-1.1.20-5.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"cups-serial-1.1.20-5.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64cups2-1.1.20-5.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64cups2-devel-1.1.20-5.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libcups2-1.1.20-5.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libcups2-devel-1.1.20-5.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"cups-1.1.19-10.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"cups-common-1.1.19-10.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"cups-serial-1.1.19-10.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64cups2-1.1.19-10.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64cups2-devel-1.1.19-10.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libcups2-1.1.19-10.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libcups2-devel-1.1.19-10.1.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_CUPS_1121.NASL description The following package needs to be updated: cups-base last seen 2016-09-26 modified 2004-09-16 plugin id 14763 published 2004-09-16 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=14763 title FreeBSD : cups -- print queue browser denial-of-service (27) code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated by freebsd_pkg_05dcf751073311d9b45d000c41e2cdad.nasl. # # Disabled on 2011/10/01. # # (C) Tenable Network Security, Inc. # # This script contains information extracted from VuXML : # # Copyright 2003-2006 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # include('compat.inc'); if ( description ) { script_id(14763); script_version("1.11"); script_cve_id("CVE-2004-0558"); script_name(english:"FreeBSD : cups -- print queue browser denial-of-service (27)"); script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update'); script_set_attribute(attribute:'description', value:'The following package needs to be updated: cups-base'); script_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P'); script_set_attribute(attribute:'solution', value: 'Update the package on the remote host'); script_set_attribute(attribute: 'see_also', value: 'http://bugs.mysql.com/bug.php?id=3270 http://www.cups.org/str.php?L863 http://www.mantisbt.org/bugs/view.php?id=9533 http://www.phpbb.com/support/documents.php?mode=changelog'); script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/05dcf751-0733-11d9-b45d-000c41e2cdad.html'); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/16"); script_end_attributes(); script_summary(english:"Check for cups-base"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); family["english"] = "FreeBSD Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/FreeBSD/pkg_info"); exit(0); } exit(0, "This plugin has been deprecated. Refer to plugin #37713 (freebsd_pkg_05dcf751073311d9b45d000c41e2cdad.nasl) instead."); global_var cvss_score; cvss_score=5; include('freebsd_package.inc'); pkg_test(pkg:"cups-base<1.1.21");NASL family Misc. NASL id CUPS_EMPTY_UDP_DOS.NASL description The target is running a CUPS server that supports browsing of network printers and that is vulnerable to a limited type of denial of service attack. Specifically, the browsing feature can be disabled by sending an empty UDP datagram to the CUPS server. last seen 2020-06-01 modified 2020-06-02 plugin id 15900 published 2004-12-03 reporter This script is Copyright (C) 2004-2018 George A. Theall source https://www.tenable.com/plugins/nessus/15900 title CUPS Internet Printing Protocol (IPP) Implementation Empty UDP Datagram Remote DoS code # # This script was written by George A. Theall, <[email protected]>. # # See the Nessus Scripts License for details. # include("compat.inc"); if (description) { script_id(15900); script_version("1.14"); script_cve_id("CVE-2004-0558"); script_bugtraq_id(11183); script_name(english:"CUPS Internet Printing Protocol (IPP) Implementation Empty UDP Datagram Remote DoS"); script_set_attribute(attribute:"synopsis", value: "The remote print server is affected by a denial of service vulnerability." ); script_set_attribute(attribute:"description", value: "The target is running a CUPS server that supports browsing of network printers and that is vulnerable to a limited type of denial of service attack. Specifically, the browsing feature can be disabled by sending an empty UDP datagram to the CUPS server." ); script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L863" ); script_set_attribute(attribute:"see_also", value:"ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm" ); # ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ff4652a" ); script_set_attribute(attribute:"see_also", value:"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.15/SCOSA-2004.15.txt" ); script_set_attribute(attribute:"solution", value: "Upgrade to CUPS 1.1.21rc2 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/03"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/16"); script_cvs_date("Date: 2018/07/06 11:26:08"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:cups"); script_end_attributes(); summary["english"] = "Checks for Empty UDP Datagram DoS Vulnerability in CUPS"; script_summary(english:summary["english"]); script_category(ACT_DENIAL); script_copyright(english:"This script is Copyright (C) 2004-2018 George A. Theall"); script_family(english:"Misc."); script_dependencie("find_service1.nasl", "global_settings.nasl", "http_version.nasl"); script_require_keys("www/cups"); script_require_ports("Services/www", 631); script_require_udp_ports(631); exit(0); } include("global_settings.inc"); include("http_func.inc"); include("http_keepalive.inc"); include("misc_func.inc"); # This function tries to add a printer using the browsing feature. # # Args: # o port, CUPS port number (note: both tcp and udp port # are assumed equal) # o name, a name for the printer # o desc, a description of the printer. # # Return: # 1 if successful, 0 otherwise. function add_printer(port, name, desc) { local_var packet, req, res, soc, url; if (! get_udp_port_state(port)) return 0; # CUPS Browsing Protocol is detailed at <http://www.cups.org/idd.html#4_2>. packet = string( "6 ", # Type (remote printer w/o colour) "3 ", # State (idle) "ipp://example.com:", port, "/printers/", name, " ", # URI '"n/a" ', # Location '"', desc, '" ', # Information '"n/a"' # Make and model ); if (debug_level) display("debug: sending '", packet, "'.\n"); soc = open_sock_udp(port); # nb: open_sock_udp is unlikely to fail - after all, this is udp. if (!soc) return 0; send(socket:soc, data:string(packet, "\n")); close(soc); # Check whether cupsd knows about the printer now. url = string("/printers/", name); if (debug_level) display("debug: checking '", url, "'.\n"); req = http_get(item:url, port:port); res = http_keepalive_send_recv(port:port, data:req); if (res == NULL) return(0); # can't connect if (debug_level) display("debug: received '", res, "'.\n"); if (egrep(string:res, pattern:string("Description: ", desc))) return 1; return 0; } host = get_host_name(); ports = add_port_in_list(list:get_kb_list("Services/www"), port:631); foreach port (ports) { # Look at port only if it corresponds to a CUPS server. banner = get_http_banner(port:port); if (egrep(string:banner, pattern:"Server: CUPS")) { if (debug_level) display("debug: checking for empty UDP datagram DoS vulnerability in CUPS on ", host, ":", port, ".\n"); # NB: since ICMP unreachable are easily dropped by firewalls, we can't # simply probe the UDP port: doing so would risk false positives. # So, we'll try adding a printer using the browsing protocol and # check whether it was indeed added. rc = add_printer(port:port, name:"nasl_test1", desc:"NASL Plugin Test #1"); if (rc == 1) { if (debug_level) display("debug: browsing works; sending empty datagram.\n"); soc = open_sock_udp(port); # nb: open_sock_udp is unlikely to fail - after all, this is udp. if (!soc) exit(0); send(socket:soc, data:""); close(soc); # NB: if browsing is disabled, cups error log will have lines like: # Oct 6 16:28:18 salt cupsd[26671]: Browse recv failed - No such file or directory. # Oct 6 16:28:18 salt cupsd[26671]: Browsing turned off. # Check whether browsing is still enabled. if (debug_level) display("debug: testing if port is still open.\n"); rc = add_printer(port:port, name:"nasl_test2", desc:"NASL Plugin Test #2"); if (rc == 0) { if (debug_level) display("debug: looks like the browser was disabled.\n"); security_warning(port:port, proto:"udp"); } } } }NASL family SuSE Local Security Checks NASL id SUSE_SA_2004_031.NASL description The remote host is missing the patch for the advisory SUSE-SA:2004:031 (cups). The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user last seen 2020-06-01 modified 2020-06-02 plugin id 14730 published 2004-09-15 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14730 title SUSE-SA:2004:031: cups code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:031 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(14730); script_version ("1.13"); script_bugtraq_id(11183, 11184); script_cve_id("CVE-2004-0558", "CVE-2004-0801"); name["english"] = "SUSE-SA:2004:031: cups"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2004:031 (cups). The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/2004_31_cups.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_end_attributes(); summary["english"] = "Check for the version of the cups package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"cups-1.1.15-170", release:"SUSE8.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-libs-1.1.15-170", release:"SUSE8.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-client-1.1.15-170", release:"SUSE8.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-1.1.18-96", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-libs-1.1.18-96", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-client-1.1.18-96", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-1.1.19-93", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-libs-1.1.19-93", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-client-1.1.19-93", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"foomatic-filters-3.0.0-100", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-1.1.20-108.8", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-libs-1.1.20-108.8", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-client-1.1.20-108.8", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"foomatic-filters-3.0.1-41.6", release:"SUSE9.1") ) { security_hole(0); exit(0); } if (rpm_exists(rpm:"cups-", release:"SUSE8.1") || rpm_exists(rpm:"cups-", release:"SUSE8.2") || rpm_exists(rpm:"cups-", release:"SUSE9.0") || rpm_exists(rpm:"cups-", release:"SUSE9.1") ) { set_kb_item(name:"CVE-2004-0558", value:TRUE); set_kb_item(name:"CVE-2004-0801", value:TRUE); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200409-25.NASL description The remote host is affected by the vulnerability described in GLSA-200409-25 (CUPS: Denial of service vulnerability) Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing Protocol (IPP) implementation that allows remote attackers to cause CUPS to stop listening on the IPP port. Impact : A remote user with malicious intent can easily cause a denial of service to the CUPS daemon by sending a specially crafted UDP datagram packet to the IPP port. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 14780 published 2004-09-21 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14780 title GLSA-200409-25 : CUPS: Denial of service vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200409-25. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14780); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0558"); script_xref(name:"GLSA", value:"200409-25"); script_name(english:"GLSA-200409-25 : CUPS: Denial of service vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200409-25 (CUPS: Denial of service vulnerability) Alvaro Martinez Echevarria discovered a hole in the CUPS Internet Printing Protocol (IPP) implementation that allows remote attackers to cause CUPS to stop listening on the IPP port. Impact : A remote user with malicious intent can easily cause a denial of service to the CUPS daemon by sending a specially crafted UDP datagram packet to the IPP port. Workaround : There is no known workaround at this time." ); # http://www.cups.org/str.php?L863 script_set_attribute( attribute:"see_also", value:"https://github.com/apple/cups/issues/863" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200409-25" ); script_set_attribute( attribute:"solution", value: "All CUPS users should upgrade to the latest version: # emerge sync # emerge -pv '>=net-print/cups-1.1.20-r2' # emerge '>=net-print/cups-1.1.20-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cups"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-print/cups", unaffected:make_list("ge 1.1.20-r2"), vulnerable:make_list("lt 1.1.20-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CUPS"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-545.NASL description Alvaro Martinez Echevarria discovered a problem in CUPS, the Common UNIX Printing System. An attacker can easily disable browsing in CUPS by sending a specially crafted UDP datagram to port 631 where cupsd is running. last seen 2020-06-01 modified 2020-06-02 plugin id 15382 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15382 title Debian DSA-545-1 : cupsys - denial of service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-545. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15382); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2004-0558"); script_xref(name:"DSA", value:"545"); script_name(english:"Debian DSA-545-1 : cupsys - denial of service"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Alvaro Martinez Echevarria discovered a problem in CUPS, the Common UNIX Printing System. An attacker can easily disable browsing in CUPS by sending a specially crafted UDP datagram to port 631 where cupsd is running." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-545" ); script_set_attribute( attribute:"solution", value: "Upgrade the cups packages. For the stable distribution (woody) this problem has been fixed in version 1.1.14-5woody6." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cupsys"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"cupsys", reference:"1.1.14-5woody6")) flag++; if (deb_check(release:"3.0", prefix:"cupsys-bsd", reference:"1.1.14-5woody6")) flag++; if (deb_check(release:"3.0", prefix:"cupsys-client", reference:"1.1.14-5woody6")) flag++; if (deb_check(release:"3.0", prefix:"cupsys-pstoraster", reference:"1.1.14-5woody6")) flag++; if (deb_check(release:"3.0", prefix:"libcupsys2", reference:"1.1.14-5woody6")) flag++; if (deb_check(release:"3.0", prefix:"libcupsys2-dev", reference:"1.1.14-5woody6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20040930.NASL description The remote host is missing Security Update 2004-09-30. This security update contains a number of fixes for the following programs : - AFP Server - CUPS - NetInfoManager - postfix - QuickTime - ServerAdmin These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 15420 published 2004-10-04 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15420 title Mac OS X Multiple Vulnerabilities (Security Update 2004-09-30) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-449.NASL description Updated cups packages that fix a denial of service vulnerability are now available. The Common UNIX Printing System (CUPS) is a print spooler. Alvaro Martinez Echevarria reported a bug in the CUPS Internet Printing Protocol (IPP) implementation in versions of CUPS prior to 1.1.21. An attacker could send a carefully crafted UDP packet to the IPP port which could cause CUPS to stop listening to the port and result in a denial of service. In order to exploit this bug, an attacker would need to have the ability to send a UDP packet to the IPP port (by default 631). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0558 to this issue. All users of cups should upgrade to these updated packages, which contain a backported patch as well as a fix for a non-exploitable off-by-one bug. last seen 2020-06-01 modified 2020-06-02 plugin id 14737 published 2004-09-15 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14737 title RHEL 3 : cups (RHSA-2004:449) NASL family Fedora Local Security Checks NASL id FEDORA_2004-275.NASL description This update fixes a denial of service problem causing loss of browse services. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0558 to this issue. In addition, this update fixes the cupsenable, cupsdisable and accept commands. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 14839 published 2004-09-28 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14839 title Fedora Core 2 : cups-1.1.20-11.3 (2004-275) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-266-01.NASL description New CUPS packages are available for Slackware 9.1, 10.0, and -current to fix a denial of service issue where a malformed packet can crash the CUPS server. last seen 2020-06-01 modified 2020-06-02 plugin id 18752 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18752 title Slackware 10.0 / 9.1 / current : CUPS DoS (SSA:2004-266-01) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_05DCF751073311D9B45D000C41E2CDAD.NASL description If the CUPS server (cupsd) receives a zero-length UDP message, it will disable its print queue browser service. last seen 2020-06-01 modified 2020-06-02 plugin id 37713 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37713 title FreeBSD : cups -- print queue browser denial-of-service (05dcf751-0733-11d9-b45d-000c41e2cdad)
Oval
| accepted | 2013-04-29T04:15:33.804-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:11732 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port. | ||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000872
- http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html
- http://marc.info/?l=bugtraq&m=109760654431316&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57646-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1
- http://www.debian.org/security/2004/dsa-545
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:097
- http://www.redhat.com/support/errata/RHSA-2004-449.html
- http://www.securityfocus.com/bid/11183
- http://www.suse.com/de/security/2004_31_cups.html
- http://www.trustix.org/errata/2004/0047/
- https://bugzilla.fedora.us/show_bug.cgi?id=2072
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17389
- https://github.com/fibonascii/CVE-2004-0558
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11732