Vulnerabilities > CVE-2007-0720
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks
NASL id FEDORA_2007-3100.NASL
description This update fixes several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 28162
published 2007-11-12
reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/28162
title Fedora 7 : cups-1.2.12-7.fc7 (2007-3100)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-3100.
#

# Purpose: local, version-based check for Fedora 7. It reads the release
# string, CPU and rpm list from the scanner knowledge base (presumably filled
# in by ssh_get_info.nasl, the declared dependency) and compares the installed
# cups packages with build 1.2.12-7.fc7. Nothing in this script connects to
# cupsd or exercises the SSL handshake described in CVE-2007-0720, so a
# finding means "package older than the fix", not "hang was reproduced".

include("compat.inc");

# Metadata pass: when `description` is set the script only registers the
# attributes below and exits.
if (description)
{
  script_id(28162);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:25");

  # The advisory bundles five CVEs. Its description text mentions only PDF
  # handling issues; CVE-2007-0720 (the partially-negotiated SSL connection
  # denial of service) is tied to this plugin through this list alone.
  script_cve_id("CVE-2007-0720", "CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
  script_bugtraq_id(25124, 26367);
  script_xref(name:"FEDORA", value:"2007-3100");

  script_name(english:"Fedora 7 : cups-1.2.12-7.fc7 (2007-3100)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=250161"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=345101"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004642.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e5ed0b0"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # NOTE(review): one base vector (C:C/I:C/A:C) and one CWE (119) are set for
  # the whole advisory, presumably driven by the most severe bundled CVE.
  # This page rates CVE-2007-0720 on its own as availability-only, so this
  # vector should not be read as the severity of the SSL denial of service.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-lpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Gate 1: credentialed local checks must be enabled.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: the release string must name Fedora and parse to major version 7.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);

# Gate 3: without an rpm list there is nothing to compare.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Gate 4: only x86_64 and i386-i686 hosts are evaluated. Host/cpu is read here
# although it is not listed in script_require_keys above; a missing value is
# handled by the AUDIT_UNKNOWN_ARCH exit.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() comes from rpm.inc, which is not shown here; it is expected to
# return true when the named package is installed at a build older than the
# reference - TODO confirm against rpm.inc. Every sub-package is checked, so
# flag counts how many of them are behind the fixed build.
flag = 0;
if (rpm_check(release:"FC7", reference:"cups-1.2.12-7.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-debuginfo-1.2.12-7.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-devel-1.2.12-7.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-libs-1.2.12-7.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-lpd-1.2.12-7.fc7")) flag++;


if (flag)
{
  # Any hit is reported with security_hole on port 0; the rpm comparison
  # report is attached only when report_verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # No hit: separate "cups packages present and not affected" from
  # "no cups package installed" in the audit trail.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd");
}
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2007-0123.NASL
description Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS handled SSL negotiation. A remote user capable of connecting to the CUPS daemon could cause a denial of service to other CUPS users. (CVE-2007-0720) All users of CUPS should upgrade to these updated packages, which contain a backported patch introducing a timeout, which prevents connections being kept open for an arbitrarily long time.
last seen 2020-06-01
modified 2020-06-02
plugin id 25065
published 2007-04-19
reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/25065
title RHEL 3 / 4 / 5 : cups (RHSA-2007:0123)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0123. The text
# itself is copyright (C) Red Hat, Inc.
#

# Purpose: local, version-based check for RHEL 3, 4 and 5 covering
# CVE-2007-0720 only. It works from knowledge-base data (release string, CPU,
# yum updateinfo, rpm list) and never connects to cupsd. Per the advisory
# text the fix is a backported timeout patch, so it is the distribution
# release string (for example 1.2.4-11.5.1.el5), not the upstream CUPS
# version number, that marks a package as fixed.

include("compat.inc");

# Metadata pass: when `description` is set the script only registers the
# attributes below and exits.
if (description)
{
  script_id(25065);
  script_version ("1.25");
  script_cvs_date("Date: 2019/10/25 13:36:12");

  script_cve_id("CVE-2007-0720");
  script_bugtraq_id(23127);
  script_xref(name:"RHSA", value:"2007:0123");

  script_name(english:"RHEL 3 / 4 / 5 : cups (RHSA-2007:0123)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS handled SSL negotiation. A remote user capable of connecting to the CUPS daemon could cause a denial of service to other CUPS users. (CVE-2007-0720) All users of CUPS should upgrade to these updated packages, which contain a backported patch introducing a timeout, which prevents connections being kept open for an arbitrarily long time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-0720"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2007:0123"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # Base vector: network reachable, low complexity, no authentication,
  # availability impact only. This matches the rating shown for
  # CVE-2007-0720 at the top of this page.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-lpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Gate 1: credentialed local checks must be enabled.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: the release string must name Red Hat Enterprise Linux and parse to
# major version 3, 4 or 5 (an optional minor version is captured as well).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x / 5.x", "Red Hat " + os_ver);

# Gate 3: without an rpm list there is nothing to compare.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Gate 4: only x86_64, i386-i686 and s390 family hosts are evaluated.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Two evidence sources, tried in order. When yum updateinfo data is present in
# the knowledge base it decides the outcome by itself: the rpm_check list in
# the else branch is never consulted on that path.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2007:0123";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    # The advisory is reported as outstanding for this host.
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    # No report for this advisory: audited as not affected by it.
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # Fallback: compare installed packages with the fixed builds per release.
  # rpm_check() comes from rpm.inc, which is not shown here; it is expected
  # to return true when the named package is installed at a build older than
  # the reference - TODO confirm against rpm.inc. For RHEL5, cups and
  # cups-lpd are checked per architecture (i386, s390x, x86_64) while
  # cups-devel and cups-libs carry no cpu filter.
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"cups-1.1.17-13.3.42")) flag++;
  if (rpm_check(release:"RHEL3", reference:"cups-devel-1.1.17-13.3.42")) flag++;
  if (rpm_check(release:"RHEL3", reference:"cups-libs-1.1.17-13.3.42")) flag++;

  if (rpm_check(release:"RHEL4", reference:"cups-1.1.22-0.rc1.9.18")) flag++;
  if (rpm_check(release:"RHEL4", reference:"cups-devel-1.1.22-0.rc1.9.18")) flag++;
  if (rpm_check(release:"RHEL4", reference:"cups-libs-1.1.22-0.rc1.9.18")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cups-1.2.4-11.5.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cups-1.2.4-11.5.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cups-1.2.4-11.5.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"cups-devel-1.2.4-11.5.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"cups-libs-1.2.4-11.5.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cups-lpd-1.2.4-11.5.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cups-lpd-1.2.4-11.5.1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cups-lpd-1.2.4-11.5.1.el5")) flag++;

  if (flag)
  {
    # Reported at warning severity on port 0. The extra text is the rpm
    # comparison report followed by redhat_report_package_caveat(), a helper
    # whose output is not shown on this page.
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    # No hit: separate "cups packages present and not affected" from
    # "no cups package installed" in the audit trail.
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd");
  }
}
NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2007-0123.NASL
description From Red Hat Security Advisory 2007:0123 : Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS handled SSL negotiation. A remote user capable of connecting to the CUPS daemon could cause a denial of service to other CUPS users. (CVE-2007-0720) All users of CUPS should upgrade to these updated packages, which contain a backported patch introducing a timeout, which prevents connections being kept open for an arbitrarily long time.
last seen 2020-06-01
modified 2020-06-02
plugin id 67462
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67462
title Oracle Linux 3 / 4 / 5 : cups (ELSA-2007-0123)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0123 and 
# Oracle Linux Security Advisory ELSA-2007-0123 respectively.
#

# Purpose: local, version-based check for Oracle Linux 3, 4 and 5 covering
# CVE-2007-0720. It compares installed cups packages from the knowledge-base
# rpm list with the fixed builds and never connects to cupsd. The advisory
# text describes the fix as a backported timeout patch, so the distribution
# release string is what identifies a fixed package.

include("compat.inc");

# Metadata pass: when `description` is set the script only registers the
# attributes below and exits.
if (description)
{
  script_id(67462);
  script_version("1.9");
  script_cvs_date("Date: 2019/10/25 13:36:06");

  script_cve_id("CVE-2007-0720");
  script_bugtraq_id(23127);
  script_xref(name:"RHSA", value:"2007:0123");

  script_name(english:"Oracle Linux 3 / 4 / 5 : cups (ELSA-2007-0123)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2007:0123 : Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS handled SSL negotiation. A remote user capable of connecting to the CUPS daemon could cause a denial of service to other CUPS users. (CVE-2007-0720) All users of CUPS should upgrade to these updated packages, which contain a backported patch introducing a timeout, which prevents connections being kept open for an arbitrarily long time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-April/000119.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-April/000123.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000235.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
  # Base vector: network reachable, low complexity, no authentication,
  # availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-lpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Gate 1: credentialed local checks must be enabled.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: the host must be flagged as Oracle Linux and its release string
# must match one of the two Oracle product names and parse to 3, 4 or 5.
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4 / 5", "Oracle Linux " + os_ver);

# Gate 3: without an rpm list there is nothing to compare.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Gate 4: x86_64, ia64 and i386-i686 hosts pass. Host/cpu is read here
# although it is not listed in script_require_keys above; a missing value is
# handled by the AUDIT_UNKNOWN_ARCH exit.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

# rpm_check() comes from rpm.inc, which is not shown here; it is expected to
# return true when the named package is installed at a build older than the
# reference - TODO confirm against rpm.inc.
# NOTE(review): ia64 passes the architecture gate above, but every EL3 and
# EL4 check below names cpu i386 or x86_64. Presumably an ia64 EL3/EL4 host
# has none of its packages tested and ends in the "not installed" audit -
# confirm how rpm_check() treats a cpu mismatch before relying on a clean
# result there. The EL5 checks carry no cpu filter.
flag = 0;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-devel-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-devel-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-libs-1.1.17-13.3.42")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-libs-1.1.17-13.3.42")) flag++;

if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-devel-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-devel-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"cups-libs-1.1.22-0.rc1.9.18")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"cups-libs-1.1.22-0.rc1.9.18")) flag++;

if (rpm_check(release:"EL5", reference:"cups-1.2.4-11.5.1.el5")) flag++;
if (rpm_check(release:"EL5", reference:"cups-devel-1.2.4-11.5.1.el5")) flag++;
if (rpm_check(release:"EL5", reference:"cups-libs-1.2.4-11.5.1.el5")) flag++;
if (rpm_check(release:"EL5", reference:"cups-lpd-1.2.4-11.5.1.el5")) flag++;


if (flag)
{
  # Any hit is reported with security_warning on port 0; the rpm comparison
  # report is attached only when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No hit: separate "cups packages present and not affected" from
  # "no cups package installed" in the audit trail.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd");
}
NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_39988EE8191811DCB6BD0016179B2DD5.NASL
description Secunia reports : CUPS is not using multiple workers to handle connections. This can be exploited to stop CUPS from accepting new connections by starting but never completing an SSL negotiation.
last seen 2020-06-01
modified 2020-06-02
plugin id 25512
published 2007-06-14
reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/25512
title FreeBSD : cups -- Incomplete SSL Negotiation Denial of Service (39988ee8-1918-11dc-b6bd-0016179b2dd5)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

# Purpose: local, version-based check for FreeBSD covering CVE-2007-0720.
# It looks at the pkg_info data in the knowledge base and flags a cups-base
# package below 1.2.11. It never connects to cupsd, so a finding means
# "package older than the fix", not "hang was reproduced".

include("compat.inc");

# Metadata pass: when `description` is set the script only registers the
# attributes below and exits.
if (description)
{
  script_id(25512);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:38");

  script_cve_id("CVE-2007-0720");
  script_xref(name:"Secunia", value:"24517");

  script_name(english:"FreeBSD : cups -- Incomplete SSL Negotiation Denial of Service (39988ee8-1918-11dc-b6bd-0016179b2dd5)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote FreeBSD host is missing a security-related update."
  );
  # The quoted Secunia text names the root cause: connections are not handled
  # by multiple workers, so one handshake that never completes keeps new
  # connections from being accepted.
  script_set_attribute(
    attribute:"description",
    value:
"Secunia reports : CUPS is not using multiple workers to handle connections. This can be exploited to stop CUPS from accepting new connections by starting but never completing an SSL negotiation."
  );
  # http://security.gentoo.org/glsa/glsa-200703-28.xml
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200703-28"
  );
  # https://vuxml.freebsd.org/freebsd/39988ee8-1918-11dc-b6bd-0016179b2dd5.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9d2f0f08"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  # Base vector: network reachable, low complexity, no authentication,
  # availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:cups-base");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


# Gates: local checks enabled, host identified as FreeBSD, package list
# present. Each missing item ends the run with the matching audit code.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


# pkg_test() comes from freebsd_package.inc, which is not shown here; the
# "cups-base<1.2.11" expression is expected to match an installed cups-base
# older than 1.2.11 - TODO confirm against freebsd_package.inc.
flag = 0;

if (pkg_test(save_report:TRUE, pkg:"cups-base<1.2.11")) flag++;

if (flag)
{
  # Reported with security_warning on port 0; the package report is attached
  # only when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
# No match: the host is audited as not affected. Unlike an rpm-style result,
# this does not say whether cups-base is installed at all.
else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200703-28.NASL description The remote host is affected by the vulnerability described in GLSA-200703-28 (CUPS: Denial of Service) CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection never times out. Impact : An attacker could partially negotiate an SSL connection with a CUPS server, and cause future connections to that server to fail, resulting in a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 24933 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24933 title GLSA-200703-28 : CUPS: Denial of Service NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0123.NASL description Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. A bug was found in the way CUPS handled SSL negotiation. A remote user capable of connecting to the CUPS daemon could cause a denial of service to other CUPS users. (CVE-2007-0720) All users of CUPS should upgrade to these updated packages, which contain a backported patch introducing a timeout, which prevents connections being kept open for an arbitrarily long time. last seen 2020-06-01 modified 2020-06-02 plugin id 25041 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/25041 title CentOS 3 / 4 / 5 : cups (CESA-2007:0123) NASL family Fedora Local Security Checks NASL id FEDORA_2007-2982.NASL description This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler, as well as several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27822 published 2007-11-08 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27822 title Fedora 8 : cups-1.3.4-2.fc8 (2007-2982) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-086.NASL description A flaw was discovered in how CUPS handled SSL negotiation that could allow a remote attacker capable of connecting to the CUPS daemon to cause a DoS to other CUPS users. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25064 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25064 title Mandrake Linux Security Advisory : cups (MDKSA-2007:086) NASL family Fedora Local Security Checks NASL id FEDORA_2007-1219.NASL description Security fix update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24820 published 2007-03-16 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/24820 title Fedora Core 5 : cups-1.2.8-1.fc5 (2007-1219) NASL family SuSE Local Security Checks NASL id SUSE_CUPS-3716.NASL description The previous cups update (CVE-2007-0720) was incomplete and could lead to cupsd crashing. last seen 2020-06-01 modified 2020-06-02 plugin id 29411 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29411 title SuSE 10 Security Update : cups (ZYPP Patch Number 3716) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-036.NASL description Wei Wang found that the SNMP discovery backend in CUPS did not correctly calculate the length of strings. If a user could be tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code (CVE-2007-5849). As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another denial of service regression within SSL handling (CVE-2007-4045). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37571 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37571 title Mandriva Linux Security Advisory : cups (MDVSA-2008:036) NASL family MacOS X Local Security Checks NASL id MACOSX_10_4_9.NASL description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. 
This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog last seen 2020-06-01 modified 2020-06-02 plugin id 24811 published 2007-03-13 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24811 title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) NASL family SuSE Local Security Checks NASL id SUSE_CUPS-3136.NASL description By keeping a partially negotiated SSL connection open an attacker could prevent the cups server from accepting other requests (CVE-2007-0720). last seen 2020-06-01 modified 2020-06-02 plugin id 27192 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27192 title openSUSE 10 Security Update : cups (cups-3136) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-11.NASL description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79964 published 2014-12-15 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/79964 title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed) NASL family Misc. NASL id CUPS_SSL_NEGOTIATION_DOS.NASL description The version of CUPS installed on the remote host suffers from a design flaw involving SSL auto-detection. By establishing a connection to a port on which the application attempts to auto-detect SSL and sending a single character, an unauthenticated, remote attacker can leverage this flaw to cause subsequent connections to hang until the first connection is closed. last seen 2020-06-01 modified 2020-06-02 plugin id 24901 published 2007-03-27 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24901 title CUPS Incomplete SSL Negotiation Remote DoS NASL family SuSE Local Security Checks NASL id SUSE_CUPS-3137.NASL description By keeping a partially negotiated SSL connection open an attacker could prevent the cups server from accepting other requests. (CVE-2007-0720) last seen 2020-06-01 modified 2020-06-02 plugin id 29410 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29410 title SuSE 10 Security Update : CUPS (ZYPP Patch Number 3137) NASL family SuSE Local Security Checks NASL id SUSE_CUPS-3715.NASL description The previous cups update (CVE-2007-0720) was incomplete and could lead to cupsd crashing. last seen 2020-06-01 modified 2020-06-02 plugin id 27193 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27193 title openSUSE 10 Security Update : cups (cups-3715)
Oval
accepted | 2013-04-29T04:11:03.502-04:00
class | vulnerability
contributors |
definition_extensions |
description | The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
family | unix
id | oval:org.mitre.oval:def:11046
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
version | 27
Redhat
advisories |
rpms |
References
- http://docs.info.apple.com/article.html?artnum=305214
- http://fedoranews.org/cms/node/2785
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://secunia.com/advisories/24479
- http://secunia.com/advisories/24517
- http://secunia.com/advisories/24530
- http://secunia.com/advisories/24660
- http://secunia.com/advisories/24878
- http://secunia.com/advisories/24895
- http://secunia.com/advisories/25119
- http://secunia.com/advisories/25497
- http://secunia.com/advisories/26083
- http://secunia.com/advisories/26413
- http://security.gentoo.org/glsa/glsa-200703-28.xml
- http://support.avaya.com/elmodocs2/security/ASA-2007-194.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:086
- http://www.novell.com/linux/security/advisories/2007_14_sr.html
- http://www.novell.com/linux/security/advisories/2007_9_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0123.html
- http://www.securityfocus.com/archive/1/463846/100/0/threaded
- http://www.securityfocus.com/bid/22948
- http://www.securityfocus.com/bid/23127
- http://www.securitytracker.com/id?1017750
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2007/0930
- http://www.vupen.com/english/advisories/2007/0949
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232243
- https://issues.rpath.com/browse/RPL-1173
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11046