Vulnerabilities > CVE-2005-2874 - Unspecified vulnerability in Easy Software products Cups

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

easy-software-products

nessus

NVD

Published: 2005-09-13

Updated: 2017-10-11

Summary

The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.

Vulnerable Configurations

Part	Description	Count
Application	Easy_Software_Products Easy Software Products Cups 1.1 Easy Software Products Cups 1.1.1 Easy Software Products Cups 1.1.2 Easy Software Products Cups 1.1.3 Easy Software Products Cups 1.1.4 Easy Software Products Cups 1.1.5 Easy Software Products Cups 1.1.5_1 Easy Software Products Cups 1.1.5_2 Easy Software Products Cups 1.1.6 Easy Software Products Cups 1.1.6_1 Easy Software Products Cups 1.1.6_2 Easy Software Products Cups 1.1.6_3 Easy Software Products Cups 1.1.7 Easy Software Products Cups 1.1.8 Easy Software Products Cups 1.1.9 Easy Software Products Cups 1.1.9_1 Easy Software Products Cups 1.1.10 Easy Software Products Cups 1.1.10_1 Easy Software Products Cups 1.1.11 Easy Software Products Cups 1.1.12 Easy Software Products Cups 1.1.13 Easy Software Products Cups 1.1.14 Easy Software Products Cups 1.1.15 Easy Software Products Cups 1.1.16 Easy Software Products Cups 1.1.17 Easy Software Products Cups 1.1.18 Easy Software Products Cups 1.1.19 Easy Software Products Cups 1.1.19_Rc1 Easy Software Products Cups 1.1.19_Rc2 Easy Software Products Cups 1.1.19_Rc3 Easy Software Products Cups 1.1.19_Rc4 Easy Software Products Cups 1.1.19_Rc5 Easy Software Products Cups 1.1.20 Easy Software Products Cups 1.1.20_Rc1 Easy Software Products Cups 1.1.20_Rc2 Easy Software Products Cups 1.1.20_Rc3 Easy Software Products Cups 1.1.20_Rc4 Easy Software Products Cups 1.1.20_Rc5 Easy Software Products Cups 1.1.20_Rc6 Easy Software Products Cups 1.1.21 Easy Software Products Cups 1.1.21_Rc1 Easy Software Products Cups 1.1.21_Rc2 Easy Software Products Cups 1.1.22 Easy Software Products Cups 1.1.22_Rc1 Easy Software Products Cups 1.1.22_Rc2	45

Nessus

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_990CF07E698811D9A9E70001020EED82.NASL
description	Kenshi Muto discovered that the CUPS server would enter an infinite loop when processing a URL containing /...
last seen	2020-06-01
modified	2020-06-02
plugin id	19045
published	2005-07-13
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19045
title	FreeBSD : cups-base -- CUPS server remote DoS vulnerability (990cf07e-6988-11d9-a9e7-0001020eed82)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(19045); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:37"); script_cve_id("CVE-2005-2874"); script_bugtraq_id(12200); script_name(english:"FreeBSD : cups-base -- CUPS server remote DoS vulnerability (990cf07e-6988-11d9-a9e7-0001020eed82)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Kenshi Muto discovered that the CUPS server would enter an infinite loop when processing a URL containing /..." ); # http://www.cups.org/str.php?L1042 script_set_attribute( attribute:"see_also", value:"https://github.com/apple/cups/issues/1042" ); # https://vuxml.freebsd.org/freebsd/990cf07e-6988-11d9-a9e7-0001020eed82.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?259a312e" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:cups-base"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/30"); script_set_attribute(attribute:"patch_publication_date", value:"2005/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"cups-base>=1.1.21<1.1.23")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-772.NASL
description	Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS processes malformed HTTP requests. It is possible for a remote user capable of connecting to the CUPS daemon to issue a malformed HTTP GET request that causes CUPS to enter an infinite loop. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2874 to this issue. Two small bugs have also been fixed in this update. A signal handling problem has been fixed that could occasionally cause the scheduler to stop when told to reload. A problem with tracking open file descriptors under certain specific circumstances has also been fixed. All users of CUPS should upgrade to these erratum packages, which contain a patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	19834
published	2005-10-05
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19834
title	RHEL 4 : cups (RHSA-2005:772)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:772. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(19834); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-2874"); script_xref(name:"RHSA", value:"2005:772"); script_name(english:"RHEL 4 : cups (RHSA-2005:772)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS processes malformed HTTP requests. It is possible for a remote user capable of connecting to the CUPS daemon to issue a malformed HTTP GET request that causes CUPS to enter an infinite loop. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2874 to this issue. Two small bugs have also been fixed in this update. A signal handling problem has been fixed that could occasionally cause the scheduler to stop when told to reload. A problem with tracking open file descriptors under certain specific circumstances has also been fixed. All users of CUPS should upgrade to these erratum packages, which contain a patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-2874" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:772" ); script_set_attribute( attribute:"solution", value:"Update the affected cups, cups-devel and / or cups-libs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/13"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:772"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"cups-1.1.22-0.rc1.9.8")) flag++; if (rpm_check(release:"RHEL4", reference:"cups-devel-1.1.22-0.rc1.9.8")) flag++; if (rpm_check(release:"RHEL4", reference:"cups-libs-1.1.22-0.rc1.9.8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs"); } }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-772.NASL
description	Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS processes malformed HTTP requests. It is possible for a remote user capable of connecting to the CUPS daemon to issue a malformed HTTP GET request that causes CUPS to enter an infinite loop. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2874 to this issue. Two small bugs have also been fixed in this update. A signal handling problem has been fixed that could occasionally cause the scheduler to stop when told to reload. A problem with tracking open file descriptors under certain specific circumstances has also been fixed. All users of CUPS should upgrade to these erratum packages, which contain a patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	23982
published	2007-01-08
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/23982
title	CentOS 4 : cups (CESA-2005:772)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:772 and # CentOS Errata and Security Advisory 2005:772 respectively. # include("compat.inc"); if (description) { script_id(23982); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:02"); script_cve_id("CVE-2005-2874"); script_xref(name:"RHSA", value:"2005:772"); script_name(english:"CentOS 4 : cups (CESA-2005:772)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS processes malformed HTTP requests. It is possible for a remote user capable of connecting to the CUPS daemon to issue a malformed HTTP GET request that causes CUPS to enter an infinite loop. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2874 to this issue. Two small bugs have also been fixed in this update. A signal handling problem has been fixed that could occasionally cause the scheduler to stop when told to reload. A problem with tracking open file descriptors under certain specific circumstances has also been fixed. All users of CUPS should upgrade to these erratum packages, which contain a patch to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2005-September/012195.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?33ec3794" ); # https://lists.centos.org/pipermail/centos-announce/2005-September/012205.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e5ea71b5" ); # https://lists.centos.org/pipermail/centos-announce/2005-September/012206.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?be02d469" ); script_set_attribute(attribute:"solution", value:"Update the affected cups packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/13"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"cups-1.1.22-0.rc1.9.8")) flag++; if (rpm_check(release:"CentOS-4", reference:"cups-devel-1.1.22-0.rc1.9.8")) flag++; if (rpm_check(release:"CentOS-4", reference:"cups-libs-1.1.22-0.rc1.9.8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-908.NASL
description	A bug was found in the way CUPS processes malformed HTTP requests. It is possible for a remote user capable of connecting to the CUPS daemon to issue a malformed HTTP GET request which will cause CUPS to enter an infinite loop. This is CVE-2005-2874. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	19870
published	2005-10-05
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19870
title	Fedora Core 3 : cups-1.1.22-0.rc1.8.7 (2005-908)

NASL family	Misc.
NASL id	CUPS_MULTIPLE_VULNERABILITIES.NASL
description	According to its banner, the version of CUPS installed on the remote host is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to multiple vulnerabilities : - A remotely exploitable buffer overflow in the
last seen	2020-06-01
modified	2020-06-02
plugin id	16141
published	2005-01-12
reporter	This script is Copyright (C) 2005-2018 George A. Theall
source	https://www.tenable.com/plugins/nessus/16141
title	CUPS < 1.1.23 Multiple Vulnerabilities

Oval

accepted

2013-04-29T04:22:03.529-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:9774

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa

id	RHSA-2005:772

rpms

cups-1:1.1.22-0.rc1.9.8
cups-debuginfo-1:1.1.22-0.rc1.9.8
cups-devel-1:1.1.22-0.rc1.9.8
cups-libs-1:1.1.22-0.rc1.9.8

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References