Bugzilla – Bug 47317
VUL-0: CVE-2003-0788 : cups: denial-of-service due to bug in libcups
Last modified: 2021-09-26 10:29:39 UTC
Hi Klaus, the discussion is attached...
Created attachment 14908 [details] discussion
Created attachment 14909 [details] putonftp-8.2.cups
Created attachment 14910 [details] patchinfo.cups
Available fix seems not to be correct (according to author), because it incorrectly returns -1, which causes other conflicts. And: This problem affects all versions of CUPS up to 1.1.19 (= incl. SuLi 9.0) if author understands problem correctly. But author is currently not reachable (maybe doing his contractor job at Apple) and it may take its time to verify fixes according to CUPS Software Trouble Report system.
First (incorrect) try for fix is found here: http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=94115&action=view
CUPS STR page is this: http://www.cups.org/str.php?L315
Is there a backup for him? Can you reproduce this bug with the newest CUPS version?
No, no backup. Seems that only the Red Hat customer (means not even Red Hat) is able to produce this bug. No code for reproducing the problem can be found on cups.org nor on bugzilla.redhat.com.
Date: Thu, 30 Oct 2003 15:45:37 -0200
From: Andreas <andreas@conectiva.com.br>
To: vendor-sec@lst.de
Cc: Michael Sweet <mike@easysw.com>
Subject: Re: [vendor-sec] Issue in CUPS with security consequences

On Fri, Oct 03, 2003 at 10:03:41AM +0100, Mark J Cox wrote:
> Tim Waugh developed a patch:
>
> http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=94115&action=view
>
> In order to exploit this bug, an attacker would need the ability to make a
> TCP connection to the IPP port.

Tim's new patch and CUPS' str entry are at
http://www.cups.org/str.php?L315+P0+S0+C0+I0+E0+Q
CAN-2003-0788
http://www.heise.de/newsticker/data/dab-04.11.03-001/ We need to hurry up.
I must have been removed from update notification of CUPS str. :( Currently the website www.cups.org is not reachable. :( Connection timed out.
I can connect by using proxy.arcor-ip.de:8080. I'll append the patch...
Created attachment 15216 [details] cups-1.1.17-loop.patch
little note: "cups-1.1.17-loop.patch seems to be the relevant bit of the 1.1.18->1.1.19 patch. This patch presumes that the STR75 patch has already been applied."
made packages for: 8.1 (= UL1), 8.2, 8.3
not affected: 7.3, 9.0
patchinfo submitted
I forgot to mention that I didn't build a patch for SLEC, as Mike Hager is currently not reachable and we don't know what to do, what he is planning.
reassigning to security-team till bug will be released.
approved packages
CVE-2003-0788: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)