OpenPrinting CUPS
cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*
- < 2.4.15
A denial-of-service vulnerability has been identified in OpenPrinting CUPS versions prior to 2.4.15. The issue arises when a client connects to the CUPS daemon (cupsd) and sends data at a very slow rate, such as one byte per second, which can cause cupsd to become unresponsive to other clients. The default CUPS configuration limits access to trusted users, which narrows the set of clients able to trigger the issue, but a configuration that has been changed to allow broader access widens the exposure accordingly.
Exploitation of this vulnerability significantly slows the CUPS printing service and leaves it unresponsive to other clients. The disruption does not require malicious intent: even a trusted client that happens to send data slowly can freeze the printing service for all users.
To reproduce this vulnerability, connect to the CUPS server using netcat and send data slowly. This can be done by using a loop that sends one byte per second. While this 'slow client' is active, run another command that interacts with the CUPS service, such as checking the status of printers. The CUPS service will become unresponsive to the second command, demonstrating the denial-of-service effect.
Users can upgrade to CUPS version 2.4.15, which addresses this vulnerability by implementing a timeout for slow connections, allowing cupsd to recover and become responsive again.
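As an added example that is not part of this advisory or of the CUPS project, the following Python audit helper checks the two things the text flags: whether an installed cupsd version predates the 2.4.15 fix, and whether a cupsd.conf fragment widens access beyond the default trusted-user scope. The cupsd.conf fragments are constructed samples; `Listen`, `Port`, `Order` and `Allow` are standard cupsd.conf directives, and the audit rules are this example's own assumptions about what counts as broad exposure.

```python
# Audit helpers for the CUPS slow-client DoS advisory (added example, not CUPS code).
import re

FIXED_VERSION = (2, 4, 15)  # first release with the slow-connection timeout
WILDCARD_BIND = re.compile(r"^(\*|0\.0\.0\.0|\[::\])(:\d+)?$")

# Constructed cupsd.conf fragments, not taken from any real host.
DEFAULT_CONF = """
Listen localhost:631
Listen /run/cups/cups.sock
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>
"""
EXPOSED_CONF = """
Port 631
<Location />
  Order allow,deny
  Allow all
</Location>
"""

def parse_version(text: str) -> tuple:
    """Turn '2.4.14' (or 'CUPS 2.4.14') into a comparable integer tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(version: str) -> bool:
    """True when the running cupsd predates the fix and lacks the timeout."""
    return parse_version(version) < FIXED_VERSION

def audit_cupsd_conf(conf: str) -> list:
    """Return findings that widen who can reach cupsd; empty list when none."""
    findings = []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if not parts:
            continue
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        # 'Port N' and wildcard 'Listen' bind every interface, not just loopback.
        if key == "port" or (key == "listen" and WILDCARD_BIND.match(value)):
            findings.append(f"{raw.strip()!r}: binds all interfaces; prefer Listen localhost:631")
        # 'Allow all' lets any client that can reach the socket hold it open.
        elif key == "allow" and value == "all":
            findings.append(f"{raw.strip()!r}: admits any client; prefer Allow @LOCAL")
    return findings
```

Feed `audit_cupsd_conf` the contents of the real `/etc/cups/cupsd.conf` and `is_affected` the output of `cups-config --version` to run the same checks on a host.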