CERTA-2003-AVI-094

Vulnerability from certfr_avis - Published: - Updated:

A denial of service is possible on the CUPS print server.

Description

CUPS (Common Unix Printing System) is a print server based on IPP (Internet Printing Protocol).

A vulnerability in the handling of IPP requests can be exploited by a malicious user to block all access to the printing service.

Temporary workaround

Filter access to port 631/tcp, which is used by IPP, to limit exploitation of this vulnerability.

Solution

Apply the fix provided by the vendor:

  • Security bulletin MDKSA-2003:062 from Mandrake:

    http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:062

  • Security bulletin RHSA-2003:171 from Red Hat:

    http://rhn.redhat.com/errata/RHSA-2003-171.html

  • Security bulletin SuSE-SA:2003:028 from SuSE:

    http://www.suse.com/de/security/2003_028.html

  • Security bulletin DSA-317 from Debian:

    http://www.debian.org/security/2003/dsa-317


All versions of CUPS earlier than or equal to version 1.1.19rc3.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de CUPS ant\u00e9rieures  ou \u00e9gales \u00e0 la version 1.1.19rc3.\u003c/p\u003e",
  "content": "## Description\n\nCUPS (Common Unix Printing System) est un serveur d\u0027impression bas\u00e9 sur\nIPP (Internet Printing Protocol).\n\n  \nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans la gestion des requ\u00eates IPP peut \u00eatre\nexploit\u00e9e par un utilisateur mal intentionn\u00e9 afin de bloquer tout acc\u00e8s\nau service d\u0027impression.\n\n## Contournement provisoire\n\nFiltrer l\u0027acc\u00e8s au port 631/tcp utilis\u00e9 par IPP afin de limiter\nl\u0027exploitation de cette vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nAppliquer le correctif fourni par l\u0027\u00e9diteur :\n\n-   Bulletin de s\u00e9curit\u00e9 MDKSA-2003:062 de Mandrake :\n\n        http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:062\n\n-   Bulletin de s\u00e9curit\u00e9 RHSA-2003:171 de Red Hat :\n\n        http://rhn.redhat.com/errata/RHSA-2003-171.html\n\n-   Bulletin de s\u00e9curit\u00e9 SuSE-SA:2003:028 de SuSE :\n\n        http://www.suse.com/de/security/2003_028.html\n\n-   Bulletin de s\u00e9curit\u00e9 DSA-317 de Debian :\n\n        http://www.debian.org/security/2003/dsa-317\n",
  "cves": [],
  "links": [
    {
      "title": "Annonce \"CUPS Denial of Service Attack Vulnerability\" :",
      "url": "http://www.cups.org/news.php?V119"
    }
  ],
  "reference": "CERTA-2003-AVI-094",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-05-30T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 de SuSE.",
      "revision_date": "2003-06-10T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 de debian.",
      "revision_date": "2003-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Un d\u00e9ni de service est possible sur le serveur d\u0027impression CUPS.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du service d\u0027impression CUPS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RHSA-2003:171 de Red Hat",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MDKSA-2003:062 de Mandrake",
      "url": null
    }
  ]
}

