Bug#530027: cups: Request from "…" using invalid Host: field "…"

May 22nd, 2009 - 08:20 pm ET by Ben Finney | Report spam

Package: cups
Version: 1.3.10-1
Severity: important

The CUPS server is rejecting all connections. With debug logging
output, I see this every second:

==
D [23/May/2009:09:48:12 +1000] cupsdAcceptClient: 9 from 192.168.5.7:631 (IPv4)
D [23/May/2009:09:48:12 +1000] cupsdReadClient: 9 POST / HTTP/1.1
D [23/May/2009:09:48:12 +1000] cupsdAuthorize: No authentication data provided.
W [23/May/2009:09:48:12 +1000] Request from "192.168.5.7" using invalid Host: field "printserver"
D [23/May/2009:09:48:12 +1000] cupsdSendError: 9 code=400 (Bad Request)
D [23/May/2009:09:48:12 +1000] cupsdCloseClient: 9
==

The host name ‘printserver’ is not invalid. It resolves correctly to
the machine running the CUPS server:

==
$ host printserver
printserver.local.whitetree.org has address 192.168.5.7
==

The server is configured in ‘/etc/cups/cupsd.conf’ to listen on that
address:

==
Listen printserver:631
==

Even if I set a client to use the FQDN, the same error occurs:

==
D [23/May/2009:09:51:38 +1000] cupsdAcceptClient: 9 from 192.168.5.7:631 (IPv4)
D [23/May/2009:09:51:38 +1000] cupsdReadClient: 9 POST / HTTP/1.1
D [23/May/2009:09:51:38 +1000] cupsdAuthorize: No authentication data provided.
W [23/May/2009:09:51:38 +1000] Request from "192.168.5.7" using invalid Host: field "printserver.local.whitetree.org"
D [23/May/2009:09:51:38 +1000] cupsdSendError: 9 code=400 (Bad Request)
D [23/May/2009:09:51:38 +1000] cupsdCloseClient: 9
==

Could this be related to the following entry in the Debian changelog:

==
* New upstream security/bug fix release:
- The scheduler now protects against DNS rebinding attacks. Please note
that this could lead to some regressions. (CVE-2009-0164)
==

I'm completely unable to print or manage CUPS while this continues.
That sounds like a regression to me, but there's no hint of how to fix
it or know whether that's behind the problem.


Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (900, 'stable')
Architecture: powerpc (ppc64)

Kernel: Linux 2.6.26-2-powerpc64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_AU.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cups depends on:
ii adduser 3.110 add and remove users and groups
ii bc 1.06.94-3.1 The GNU bc arbitrary precision cal
ii cups-common 1.3.10-1 Common UNIX Printing System(tm) -
ii debconf [debconf-2.0 1.5.26 Debian configuration management sy
ii ghostscript 8.64~dfsg-1.1 The GPL Ghostscript PostScript/PDF
ii libavahi-compat-libd 0.6.25-1 Avahi Apple Bonjour compatibility
ii libc6 2.9-4 GNU C Library: Shared libraries
ii libcups2 1.3.10-1 Common UNIX Printing System(tm) -
ii libcupsimage2 1.3.10-1 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.12-1 simple interprocess messaging syst
ii libgcc1 1:4.4.0-4 GCC support library
ii libgnutls26 2.6.6-1 the GNU TLS library - runtime libr
ii libgssapi-krb5-2 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries - k
ii libijs-0.35 0.35-7 IJS raster image transport protoco
ii libkrb5-3 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
ii libpam0g 1.0.1-9 Pluggable Authentication Modules l
ii libpaper1 1.1.23+nmu1 library for handling paper charact
ii libpoppler4 0.10.4-3 PDF rendering library
ii libslp1 1.2.1-7.5 OpenSLP libraries
ii libstdc++6 4.4.0-4 The GNU Standard C++ Library v3
ii lsb-base 3.2-22 Linux Standard Base 3.2 init scrip
ii perl-modules 5.10.0-22 Core Perl modules
ii poppler-utils [xpdf- 0.10.4-3 PDF utilitites (based on libpopple
ii procps 1:3.2.7-11 /proc file system utilities
ii ssl-cert 1.0.23 simple debconf wrapper for OpenSSL
ii ttf-freefont 20080323-3 Freefont Serif, Sans and Mono True
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime

Versions of packages cups recommends:
ii avahi-utils 0.6.25-1 Avahi browsing, publishing and dis
ii cups-client 1.3.10-1 Common UNIX Printing System(tm) -
ii foomatic-filters 4.0-20090509-1 OpenPrinting printer support - fil
ii smbclient 2:3.3.4-1 command-line SMB/CIFS clients for

Versions of packages cups suggests:
ii cups-bsd 1.3.10-1 Common UNIX Printing System(tm) -
ii cups-driver-gutenprint 5.2.3-2+b1 printer drivers for CUPS
ii cups-pdf 2.5.0-2 PDF printer for CUPS
ii foomatic-db 20090508-1 OpenPrinting printer support - dat
ii foomatic-db-engine 4.0-20090509-1 OpenPrinting printer support - pro
pn hplip <none> (no description available)
pn xpdf-korean | xpdf-japane <none> (no description available)

cupsys/raw-print: true
cupsys/backend: ipp, lpd, parallel, scsi, serial, socket, usb, snmp, dnssd

\ “[T]he question of whether machines can think … is about as |
`\ relevant as the question of whether submarines can swim.” |
_o__) —Edsger W. Dijkstra |
Ben Finney <ben@benfinney.id.au>






To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
email Follow the discussionReplies 5 repliesReplies Make a reply

Similar topics

Replies

#1 Ben Finney
May 22nd, 2009 - 08:30 pm ET | Report spam

On 23-May-2009, Ben Finney wrote:
Could this be related to the following entry in the Debian changelog:

==
* New upstream security/bug fix release:
- The scheduler now protects against DNS rebinding attacks. Please note
that this could lead to some regressions. (CVE-2009-0164)
==

I'm completely unable to print or manage CUPS while this continues.
That sounds like a regression to me, but there's no hint of how to fix
it or know whether that's behind the problem.



I have downgraded to ‘cups 1.3.8-1lenny5’, with no other change, and
the correct behaviour is restored. This supports the explanation that
a change in the newer version is the cause of this bug.

\ “I was stopped by the police for speeding; they said ‘Don't you |
`\ know the speed limit is 55 miles an hour?’ I said ‘Yeah I know, |
_o__) but I wasn't going to be out that long.’” —Steven Wright |
Ben Finney






To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Replies Reply to this message
#2 Ben Finney
June 02nd, 2009 - 08:20 am ET | Report spam

package cups
found 530027 1.3.10-2
thanks

On 23-May-2009, Ben Finney wrote:
On 23-May-2009, Ben Finney wrote:
> Could this be related to the following entry in the Debian
> changelog:
>
> ==
> * New upstream security/bug fix release:
> - The scheduler now protects against DNS rebinding attacks. Please note
> that this could lead to some regressions. (CVE-2009-0164)
> ==
>
> I'm completely unable to print or manage CUPS while this
> continues. That sounds like a regression to me, but there's no
> hint of how to fix it or know whether that's behind the problem.



This bug continues to occur in cups 1.3.10-2.

\ “The way to build large Python applications is to componentize |
`\ and loosely-couple the hell out of everything.” —Aahz |
_o__) |
Ben Finney






To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Replies Reply to this message
#3 Ben Finney
July 26th, 2009 - 12:00 am ET | Report spam
package cups
found 530027 1.3.11-1
thanks

On 23-May-2009, Ben Finney wrote:
On 23-May-2009, Ben Finney wrote:
> Could this be related to the following entry in the Debian
> changelog:
>
> => > * New upstream security/bug fix release:
> - The scheduler now protects against DNS rebinding attacks. Please note
> that this could lead to some regressions. (CVE-2009-0164)
> => >
> I'm completely unable to print or manage CUPS while this
> continues. That sounds like a regression to me, but there's no
> hint of how to fix it or know whether that's behind the problem.



This bug continues to occur in cups 1.3.11-1.

\ “The way to build large Python applications is to componentize |
`\ and loosely-couple the hell out of everything.” —Aahz |
_o__) |
Ben Finney



To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Replies Reply to this message
#4 Ben Finney
October 08th, 2009 - 01:10 am ET | Report spam
package cups
found 530027 1.4.1-4
thanks

On 23-May-2009, Ben Finney wrote:
On 23-May-2009, Ben Finney wrote:
> Could this be related to the following entry in the Debian
> changelog:
>
> => > * New upstream security/bug fix release:
> - The scheduler now protects against DNS rebinding attacks. Please note
> that this could lead to some regressions. (CVE-2009-0164)
> => >
> I'm completely unable to print or manage CUPS while this
> continues. That sounds like a regression to me, but there's no
> hint of how to fix it or know whether that's behind the problem.



This bug continues to occur in cups 1.4.1-4.

\ “People's Front To Reunite Gondwanaland: Stop the Laurasian |
`\ Separatist Movement!” —wiredog, http://kuro5hin.org/ |
_o__) |
Ben Finney



To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Replies Reply to this message
#5 Ben Finney
December 05th, 2009 - 07:50 pm ET | Report spam
package cups
found 530027 1.4.2-4
thanks

On 23-May-2009, Ben Finney wrote:
On 23-May-2009, Ben Finney wrote:
> Could this be related to the following entry in the Debian
> changelog:
>
> => > * New upstream security/bug fix release:
> - The scheduler now protects against DNS rebinding attacks. Please note
> that this could lead to some regressions. (CVE-2009-0164)
> => >
> I'm completely unable to print or manage CUPS while this
> continues. That sounds like a regression to me, but there's no
> hint of how to fix it or know whether that's behind the problem.



This bug continues to occur in cups 1.4.2-4.

Enabling debug logging shows the following log entries when a client
attempts to connect:

=D [06/Dec/2009:11:14:27 +1100] cupsdAcceptClient: 13 from 192.168.5.7:631 (IPv4)
D [06/Dec/2009:11:14:27 +1100] cupsdReadClient: 13 GET / HTTP/1.1
D [06/Dec/2009:11:14:27 +1100] cupsdSetBusyState: Active clients and dirty files
D [06/Dec/2009:11:14:27 +1100] cupsdAuthorize: No authentication data provided.
E [06/Dec/2009:11:14:27 +1100] Request from "192.168.5.7" using invalid Host: field "printserver:631"
D [06/Dec/2009:11:14:27 +1100] cupsdReadClient: 13 Closing because Keep-Alive disabled
D [06/Dec/2009:11:14:27 +1100] cupsdCloseClient: 13
D [06/Dec/2009:11:14:27 +1100] cupsdSetBusyState: Dirty files
=
What is the plan to address this bug? I'm unable to upgrade to any
version released in Squeeze so far.

\ “People's Front To Reunite Gondwanaland: Stop the Laurasian |
`\ Separatist Movement!” —wiredog, http://kuro5hin.org/ |
_o__) |
Ben Finney



To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
email Follow the discussion Replies Reply to this message
Help Create a new topicReplies Make a reply
Search Make your own search