[cups-devel] [UNKN] STR #4476: Security Vulnerability :- Medium ipp (631/tcp)(CVSS: 4.3) NVT: Check for SSL Weak Ciphers

Alok Pandey noreply at cups.org
Tue Sep 2 01:03:04 PDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

Summary:
This routine search for weak SSL ciphers offered by a service.
Vulnerability Insight:
These rules are applied for the evaluation of the cryptographic strength:
- - Any SSL/TLS using no cipher is considered weak.
- - All SSLv2 ciphers are considered weak due to a design flaw within the
SSLv2 pr
,!otocol.
- - RC4 is considered to be weak.
- - Ciphers using 64 bit or less are considered to be vulnerable to brute
force me
,!thods
and therefore considered as weak.
- - 1024 bit RSA authentication is considered to be insecure and therefore as
weak
,!.
- - CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or
Lucky
,! 13 attacks
. . . continues on next page . . .
2 RESULTS PER HOST 35
. . . continued from previous page . . .
- - Any cipher considered to be secure for only the next 10 years is
considered as
,! medium
- - Any other cipher is considered as strong
Solution:
The configuration of this services should be changed so
that it does not support the listed weak ciphers anymore.
Weak ciphers offered by this service:
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
TLS1_RSA_RC4_128_MD5
TLS1_RSA_RC4_128_SHA


How to fix it in cups ?

Link: https://www.cups.org/str.php?L4476
Version: 1.4.2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJUBXm4AAoJENujp6sI12IjtIYP/iJpPlky+Xwahx7MsphNJANv
5H3C8PZFYm0W+dhs7I17hkOtToepyjU99frh1lcqlerreVqtjjI6f+dfP7KrT7YL
HmXHaQJpjLrY4USqJwdE8H2Omnx5a+Kbu+ZdKfUwFsj5XA2/cHC6kgva2Zb+p12N
p4blZLeTdWvNFD0Fg8CA1HqeuMGRSyHEvpOkG1GKRiK6QRogLBklcQZbHXmzESSP
vaTGqy/iapMwI9hWOK+V8dDcmLJb3BhJZdlbkSbcfjhFDR5jC4EJBc0veJxzBeeE
JwoU+dzbqTPwbBMjRfChuHuBRGIwLkT/z6TJYQqs5kb+90uswiu7+0N///d/6sex
bxi7/Qio5w9R3Y8r/2Wn2/MvmA6cyp9YwU/FOniePdOoCGb3IR3RT7kZfZ/e+/Ib
TOReeMb0aL8dVNMTJr6tAUtwqqpG3Y3bqFVU/12N/QYJJKc0OUSnmQDW93+zgvdf
62osiluZpKb/yQEzbJGRTuUOgdBmwhDiDdTgoqNEau6an0t5lZlMaaUAcqnrhFZ5
t1m5ap4KRlOngh8FOfThQcpnXzlfRROssXE0DaJ/ElXhHUSCfIiIo6tbY9Cf9b3n
DGX9q21L3ZIt7ynLOnnFlzNivC4FLyW4LxeRXOK7I216lfwxiISAuWOygrFTmBrH
2P9VHj0eYYABLHh4imf1
=D4cv
-----END PGP SIGNATURE-----




More information about the cups-devel mailing list