Bug 170881 - net-print/cups DoS (CVE-2007-0720)
Summary: net-print/cups DoS (CVE-2007-0720)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa+] Falco
Duplicates: 174801
Depends on: 136902
Reported: 2007-03-14 14:14 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2020-03-11 08:30 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-14 14:14:52 UTC
This seems not only to affect Apple. It should be fixed in cups 1.2.7.

The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-03-15 21:17:22 UTC
bâ :(
Comment 2 Matt Drew (RETIRED) gentoo-dev 2007-03-24 22:55:15 UTC
bug is public:

1.2.9 is already in the tree.

Arches, please stabilize 1.2.9 (unless there are objections).
Comment 3 Matt Drew (RETIRED) gentoo-dev 2007-03-24 22:57:45 UTC
Note that per the Red Hat bug 1.1 is also affected.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2007-03-25 09:28:03 UTC
ppc64 stable (1.2.9)
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2007-03-25 10:26:40 UTC
ppc stable
Comment 6 Markus Meier gentoo-dev 2007-03-25 11:28:16 UTC
net-print/cups-1.2.9  USE="X dbus jpeg ldap nls pam png ppds samba ssl tiff -php -slp"
1. emerges on x86
2. passes collision test
3. net-print/libgnomecups-0.2.2 emerges with it
4. works

Portage (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, i686)
System uname: i686 AMD Athlon(TM) XP1800+
Gentoo Base System release 1.12.9
Timestamp of tree: Sun, 25 Mar 2007 09:30:01 +0000
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php4/ext-active/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php4/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php4/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php4/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
LINGUAS="en de en_GB"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
USE="3dnow 3dnowext X a52 aac alsa apache2 berkdb bitmap-fonts bzip2 cairo cdr cli cracklib crypt cups dbus divx4linux dri dts dvd dvdr dvdread eds emboss exif fam ffmpeg firefox fortran gdbm gif gnome gphoto2 gpm gstreamer gtk hal iconv ipv6 isdnlog java jpeg kde ldap libg++ mad midi mikmod mmx mmxext mono mp3 mpeg ncurses network nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl seamonkey session spell spl ssl svg tcpd test tetex tiff truetype truetype-fonts type1-fonts unicode usb vcd vorbis win32codecs x86 xine xinerama xml xorg xprint xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LINGUAS="en de en_GB" USERLAND="GNU" VIDEO_CARDS="nv none"
Comment 7 Andrej Kacian (RETIRED) gentoo-dev 2007-03-25 19:39:27 UTC
x86 done
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2007-03-26 14:32:37 UTC
sparc stable.
Comment 9 Chris Gianelloni (RETIRED) gentoo-dev 2007-03-27 00:22:47 UTC
alpha/amd64/ia64 done
Comment 10 Chris Gianelloni (RETIRED) gentoo-dev 2007-03-27 00:26:19 UTC
Crap... OK... not alpha (yet)... which version should I be stabilizing there?
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2007-03-27 04:49:30 UTC
Stable for HPPA.
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-27 06:51:33 UTC
Pulling in maintainers now.

Printing: it appears that 1.2.x is not working on alpha; could you provide a fixed ebuild for 1.1.x as well?
Comment 13 Stefan Schweizer (RETIRED) gentoo-dev 2007-03-27 08:43:27 UTC
I was under the impression that alpha have not yet paid attention to cups-1.2. See bug 136902

How do you know that it doesn't work on alpha? Can the individual who tested it please also comment there and explain why he believes that cups-1.2 does not work on alpha?

Have marked the other bug as a dependency of this one for now.
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-27 09:24:02 UTC
@genstef I presumed (perhaps wrongly) that it was not working and alpha was not slacking.

Chris please comment.
Comment 15 Chris Gianelloni (RETIRED) gentoo-dev 2007-03-27 15:43:54 UTC
I asked which versions I should be stabilizing.  If I should be marking 1.2.9 (and deps) straight to stable, then just tell me as much.
Comment 16 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-28 06:15:44 UTC
This is only fixed in 1.2.9 so target keywords are:

cups-1.2.9.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"

I hope this covers everything.
Comment 17 Chris Gianelloni (RETIRED) gentoo-dev 2007-03-29 14:32:41 UTC
Alpha done...
Comment 18 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-16 15:47:31 UTC
*** Bug 174801 has been marked as a duplicate of this bug. ***
Comment 19 Lubomir Rintel 2007-04-17 12:08:39 UTC
Please note that the timeout actually fixes nothing. Tell Mr. Sweet, and he'll tell you that you are an idiot and that the DoS with just one connection and few bytes sent is equal to distributed DoS with hundreds of requests and resources spent and can not be fixed. Users should be warned somehow that they shouldn't expose the web interfaces to their print servers to the Internet. That would be a good practice anyways. ('I' in "IPP" actually stands for "Intranet", not?)

See attachment 151009 [details, diff] in Red Hat BTS for a PoC.
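Added example, not part of the thread and not CUPS code: the general shape of the timeout mitigation discussed above, where a listener reads a handshake message under one overall deadline so that a peer which sends only part of it and then stalls is dropped. The function names and the fixed-length message standing in for a TLS handshake record are assumptions; the deadline bounds how long one stalled client holds the listener and does nothing about many clients at once.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Monotonic time in ms, so wall-clock changes cannot stretch the deadline. */
static long long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Read exactly `need` handshake bytes within one overall budget.
 * Returns 0 when complete, -1 on timeout, -2 on EOF or socket error.
 * The deadline spans the whole message: trickled bytes do not reset it. */
int read_handshake(int fd, unsigned char *buf, size_t need, int budget_ms) {
    long long deadline = now_ms() + budget_ms;
    size_t got = 0;
    while (got < need) {
        long long left = deadline - now_ms();
        if (left <= 0) return -1;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)left);
        if (r == 0) return -1;                 /* peer stalled: give up */
        if (r < 0 && errno == EINTR) continue;
        if (r < 0) return -2;
        ssize_t n = recv(fd, buf + got, need - got, 0);
        if (n <= 0) return -2;                 /* peer closed or error */
        got += (size_t)n;
    }
    return 0;
}

/* Constructed peer: sends `sent` of `need` bytes, then goes silent. */
int demo(size_t sent, size_t need, int budget_ms) {
    unsigned char msg[64] = {0}, buf[64];
    int sv[2], rc = -2;
    if (sent > need || need > sizeof buf) return -2;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
    if (write(sv[0], msg, sent) == (ssize_t)sent)
        rc = read_handshake(sv[1], buf, need, budget_ms);
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void) {
    printf("complete=%d partial=%d\n", demo(5, 5, 200), demo(3, 5, 200));
    return 0;
}
```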
Comment 20 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-02 11:54:11 UTC
GLSA 200703-28