[Pkg-cups-devel] Bug#530027: cups: Request from "…" using invalid Host: field "…"
Ben Finney
ben+debian at benfinney.id.au
Sat May 23 00:00:44 UTC 2009
Package: cups
Version: 1.3.10-1
Severity: important
The CUPS server is rejecting all connections. With debug logging
output, I see this every second:
=====
D [23/May/2009:09:48:12 +1000] cupsdAcceptClient: 9 from 192.168.5.7:631 (IPv4)
D [23/May/2009:09:48:12 +1000] cupsdReadClient: 9 POST / HTTP/1.1
D [23/May/2009:09:48:12 +1000] cupsdAuthorize: No authentication data provided.
W [23/May/2009:09:48:12 +1000] Request from "192.168.5.7" using invalid Host: field "printserver"
D [23/May/2009:09:48:12 +1000] cupsdSendError: 9 code=400 (Bad Request)
D [23/May/2009:09:48:12 +1000] cupsdCloseClient: 9
=====
The host name ‘printserver’ is not invalid. It resolves correctly to
the machine running the CUPS server:
=====
$ host printserver
printserver.local.whitetree.org has address 192.168.5.7
=====
The server is configured in ‘/etc/cups/cupsd.conf’ to listen on that
address:
=====
Listen printserver:631
=====
Even if I set a client to use the FQDN, the same error occurs:
=====
D [23/May/2009:09:51:38 +1000] cupsdAcceptClient: 9 from 192.168.5.7:631 (IPv4)
D [23/May/2009:09:51:38 +1000] cupsdReadClient: 9 POST / HTTP/1.1
D [23/May/2009:09:51:38 +1000] cupsdAuthorize: No authentication data provided.
W [23/May/2009:09:51:38 +1000] Request from "192.168.5.7" using invalid Host: field "printserver.local.whitetree.org"
D [23/May/2009:09:51:38 +1000] cupsdSendError: 9 code=400 (Bad Request)
D [23/May/2009:09:51:38 +1000] cupsdCloseClient: 9
=====
Could this be related to the following entry in the Debian changelog:
=====
* New upstream security/bug fix release:
- The scheduler now protects against DNS rebinding attacks. Please note
that this could lead to some regressions. (CVE-2009-0164)
=====
I'm completely unable to print or manage CUPS while this continues.
That sounds like a regression to me, but there's no hint of how to fix
it or know whether that's behind the problem.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (900, 'stable')
Architecture: powerpc (ppc64)
Kernel: Linux 2.6.26-2-powerpc64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_AU.UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cups depends on:
ii adduser 3.110 add and remove users and groups
ii bc 1.06.94-3.1 The GNU bc arbitrary precision cal
ii cups-common 1.3.10-1 Common UNIX Printing System(tm) -
ii debconf [debconf-2.0 1.5.26 Debian configuration management sy
ii ghostscript 8.64~dfsg-1.1 The GPL Ghostscript PostScript/PDF
ii libavahi-compat-libd 0.6.25-1 Avahi Apple Bonjour compatibility
ii libc6 2.9-4 GNU C Library: Shared libraries
ii libcups2 1.3.10-1 Common UNIX Printing System(tm) -
ii libcupsimage2 1.3.10-1 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.12-1 simple interprocess messaging syst
ii libgcc1 1:4.4.0-4 GCC support library
ii libgnutls26 2.6.6-1 the GNU TLS library - runtime libr
ii libgssapi-krb5-2 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries - k
ii libijs-0.35 0.35-7 IJS raster image transport protoco
ii libkrb5-3 1.6.dfsg.4~beta1-13 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries
ii libpam0g 1.0.1-9 Pluggable Authentication Modules l
ii libpaper1 1.1.23+nmu1 library for handling paper charact
ii libpoppler4 0.10.4-3 PDF rendering library
ii libslp1 1.2.1-7.5 OpenSLP libraries
ii libstdc++6 4.4.0-4 The GNU Standard C++ Library v3
ii lsb-base 3.2-22 Linux Standard Base 3.2 init scrip
ii perl-modules 5.10.0-22 Core Perl modules
ii poppler-utils [xpdf- 0.10.4-3 PDF utilitites (based on libpopple
ii procps 1:3.2.7-11 /proc file system utilities
ii ssl-cert 1.0.23 simple debconf wrapper for OpenSSL
ii ttf-freefont 20080323-3 Freefont Serif, Sans and Mono True
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime
Versions of packages cups recommends:
ii avahi-utils 0.6.25-1 Avahi browsing, publishing and dis
ii cups-client 1.3.10-1 Common UNIX Printing System(tm) -
ii foomatic-filters 4.0-20090509-1 OpenPrinting printer support - fil
ii smbclient 2:3.3.4-1 command-line SMB/CIFS clients for
Versions of packages cups suggests:
ii cups-bsd 1.3.10-1 Common UNIX Printing System(tm) -
ii cups-driver-gutenprint 5.2.3-2+b1 printer drivers for CUPS
ii cups-pdf 2.5.0-2 PDF printer for CUPS
ii foomatic-db 20090508-1 OpenPrinting printer support - dat
ii foomatic-db-engine 4.0-20090509-1 OpenPrinting printer support - pro
pn hplip <none> (no description available)
pn xpdf-korean | xpdf-japane <none> (no description available)
-- debconf information:
cupsys/raw-print: true
cupsys/backend: ipp, lpd, parallel, scsi, serial, socket, usb, snmp, dnssd
--
\ “[T]he question of whether machines can think … is about as |
`\ relevant as the question of whether submarines can swim.” |
_o__) —Edsger W. Dijkstra |
Ben Finney <ben at benfinney.id.au>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20090523/7c6c3615/attachment.pgp>
More information about the Pkg-cups-devel
mailing list