ID CVE-2003-0788 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:29:00
Description
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).
{"osvdb": [{"lastseen": "2017-04-28T13:19:57", "bulletinFamily": "software", "cvelist": ["CVE-2003-0788"], "edition": 1, "description": "## Vulnerability Description\nCUPS V1.1.19 contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user connects to TCP port 631 (IPP) and cause IPP to enter into an infinite loop.\n## Technical Description\nCUPS (Common Unix Printing System) is a Unix print spooler.\n## Solution Description\nUpgrade to version 1.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Restrict access to ensure that only trusted users can access the service.\n\n\n## Short Description\nCUPS V1.1.19 contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user connects to TCP port 631 (IPP) and cause IPP to enter into an infinite loop.\n## References:\nVendor URL: http://www.cups.org/\n[Secunia Advisory ID:10123](https://secuniaresearch.flexerasoftware.com/advisories/10123/)\nISS X-Force ID: 13584\n[CVE-2003-0788](https://vulners.com/cve/CVE-2003-0788)\n", "modified": "2003-11-03T08:59:16", "published": "2003-11-03T08:59:16", "id": "OSVDB:2761", "href": "https://vulners.com/osvdb/OSVDB:2761", "title": "CUPS Unspecified DoS ", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:20", "description": "A bug in versions of CUPS prior to 1.1.19 was reported by Paul\nMitcheson in the Internet Printing Protocol (IPP) implementation would\nresult in CUPS going into a busy loop, which could result in a Denial\nof Service (DoS) condition. To be able to exploit this problem, an\nattacker would need to be able to make a TCP connection to the IPP\nport (port 631 by default).\n\nThe provided packages have been patched to correct this problem.", "edition": 24, "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : cups (MDKSA-2003:104)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0788"], "modified": "2004-07-31T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libcups1-devel", "p-cpe:/a:mandriva:linux:cups-serial", "p-cpe:/a:mandriva:linux:libcups1", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "p-cpe:/a:mandriva:linux:cups", "p-cpe:/a:mandriva:linux:cups-common"], "id": "MANDRAKE_MDKSA-2003-104.NASL", "href": "https://www.tenable.com/plugins/nessus/14086", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:104. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14086);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0788\");\n script_bugtraq_id(8952);\n script_xref(name:\"MDKSA\", value:\"2003:104\");\n\n script_name(english:\"Mandrake Linux Security Advisory : cups (MDKSA-2003:104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in versions of CUPS prior to 1.1.19 was reported by Paul\nMitcheson in the Internet Printing Protocol (IPP) implementation would\nresult in CUPS going into a busy loop, which could result in a Denial\nof Service (DoS) condition. To be able to exploit this problem, an\nattacker would need to be able to make a TCP connection to the IPP\nport (port 631 by default).\n\nThe provided packages have been patched to correct this problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-serial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"cups-1.1.18-2.2.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"cups-common-1.1.18-2.2.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"cups-serial-1.1.18-2.2.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libcups1-1.1.18-2.2.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libcups1-devel-1.1.18-2.2.90mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
