VID |
23235 |
Severity |
30 |
Port |
631 |
Protocol |
TCP |
Class |
CUPS |
Detailed Description |
A CUPS server older than version 1.7.1 was detected running on the host. Easy Software Products' Common UNIX Printing System (CUPS) is a cross-platform printing solution for UNIX environments that is based on the 'Internet Printing Protocol'. CUPS has a web-based graphical interface for printer management and is available on most Linux systems. According to its banner, the version of CUPS installed on the remote host is 1.6.x at 1.6.4 or later, or 1.7.x earlier than 1.7.1. It is therefore potentially affected by an information disclosure vulnerability related to the 'lppasswd' binary, setuid settings, and the use of '~/.cups/client.conf' files that could allow a local attacker to obtain contents from arbitrary files in certain configurations.
* Note: This check relies solely on the banner of the remote CUPS server to assess this vulnerability, so the finding might be a false positive.
* References: http://www.cups.org/str.php?L4319 https://www.cups.org/blog.php?L704
* Platforms Affected: Easy Software Products CUPS, versions earlier than 1.7.1; Linux, any version; Unix, any version |
Recommendation |
Upgrade to the latest version of CUPS (1.7.1 or later), available from the CUPS Software Web site at http://www.cups.org/software.php |
Related URL |
CVE-2013-6891 (CVE) |
Related URL |
64985 (SecurityFocus) |
Related URL |
(ISS) |
|