CUPS < 1.1.18 Multiple Vulnerabilities

high Nessus Plugin ID 11199

Synopsis

The remote printer service has multiple vulnerabilities.

Description

The remote CUPS server seems vulnerable to various flaws (buffer overflow, denial of service, privilege escalation) that could allow a remote attacker to shut down this service or remotely gain the privileges of the 'lp' user.

Solution

Upgrade to CUPS version 1.1.18 or later.

Plugin Details

Severity: High

ID: 11199

File Name: cups_vulns.nasl

Version: 1.26

Type: remote

Family: Misc.

Published: 1/18/2003

Updated: 7/6/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/12/2002

Vulnerability Publication Date: 12/19/2002

Reference Information

CVE: CVE-2002-1366, CVE-2002-1367, CVE-2002-1368, CVE-2002-1369, CVE-2002-1372, CVE-2002-1383, CVE-2002-1384

BID: 6436, 6437, 6438, 6440, 6475, 6433, 6434, 6435

SuSE: SUSE-SA:2003:002