Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: General :: cups2.htm

CUPS prior to 1.1.5 - possible DoS



Vulnerability

    CUPS

Affected

    CUPS prior to 1.1.5

Description

    Following is based on  a Linux-Mandrake Security Update  Advisory.
    A problem exists in all versions  of CUPS prior to 1.1.5 with  the
    httpGets() function.  It could go into an infinite loop if a  line
    longer than  the input  buffer size  was sent  by a  client.  This
    could  be  used  as  a  DoS  attack.   As  well, all occurances of
    sprintf() calls were changed to snprintf(), and all occurances  of
    strcpy()  calls  were  changed  to  strncpy() calls, both of which
    protect against buffer overflows.   Finally, CUPS now defaults  to
    not broadcasting the printer  information anymore by default,  and
    by default access is only allowed from the local machine.

Solution

    Patches:

        Linux-Mandrake 7.2: 7.2/RPMS/cups-1.1.6-10.1mdk.i586.rpm
                            7.2/RPMS/cups-devel-1.1.6-10.1mdk.i586.rpm
                            7.2/SRPMS/cups-1.1.6-10.1mdk.src.rpm


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH