| VID |
23241 |
| Severity |
40 |
| Port |
631 |
| Protocol |
TCP |
| Class |
CUPS |
| Detailed Description |
A version of CUPS server which is older than 2.0.3 is detected as running on the host. Easy Software Products' Common UNIX Printing System (CUPS) is a cross-platform printing solution for UNIX environments that is based on the 'Internet Printing Protocol'. CUPS has a web-based graphical interface for printer management and is available on most Linux systems. According to its banner, the version of CUPS installed on the remote host is earlier than 2.0.3. It is, therefore, potentially affected by the following vulnerabilities :
- A privilege escalation vulnerability exists due to a flaw in cupsd when handling printer job request errors. An unauthenticated, remote attacker can exploit this, with a specially crafted request, to prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap, resulting ACL verification to fail when parsing 'admin/conf' and 'admin' ACLs. This allows an attacker to upload a replacement CUPS configuration file. (CVE-2015-1158)
- A cross-site scripting vulnerability exists due to improper sanitization of user-supplied input to the 'QUERY' parameter of the help page. This allows a remote attacker, with a specially crafted request, to execute arbitrary script code. (CVE-2015-1159)
* Note: This check solely relied on the banner of the remote CUPS server to assess this vulnerability, so this might be a false positive.
* References:
https://cups.org/blog.php?L1082
https://cups.org/str.php?L4609
* Platforms Affected:
Easy Software Products, CUPS versions prior to 2.0.3
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of CUPS (2.0.3 or later), available from the CUPS Software Web site at http://www.cups.org/software.php |
| Related URL |
CVE-2015-1158,CVE-2015-1159 (CVE) |
| Related URL |
75098 (SecurityFocus) |
| Related URL |
(ISS) |
|
