CUPS- HTTP Content-Length issue
rahulmode
move2rahul at yahoo.co.in
Mon Apr 7 07:28:07 PDT 2008
> rahulmode wrote:
> > I noticed that in CUPS1.1.23, when I connect to the server using
> >
> > # nc 10.10.220.231 631
> > POST /printers/printer/ HTTP/1.1
> > Content-Length:
> >
> >
> > \n
> > \n
> >
> >
> >
> >
> > --------------------------------
> >
> > It's clear from the source code that, it waits for 2147483647 Number of Bytes !!!!! This may result in possible DOS.
> >
> > Regarding this issue, I got no info on the forums!
> > So please, can someone tell why is this issue not handled ..
> > is this a feature? if yes how ??
>
> Well, first you might test with a newer release - 1.1.23 is very
> old. If the same problem occurs with 1.3.7, please file a bug
> report:
>
> http://www.cups.org/str.php
>
> Second, there are a lot of ways to do Denial-of-Service attacks on
> any network service, and adding a length check for Content-Length
> won't prevent them...
>
> --
> ______________________________________________________________________
> Michael Sweet, Easy Software Products mike at easysw dot com
I checked the same .. on CUPS-1.3.7 where again the problem is reproducible.
FILED the BUG !! ( STR #2787 )
It's a security issue related to CUPS ( all versions )
More information about the cups
mailing list