Detections
Analytics
CUPS < 1.1.23 Multiple Vulnerabilities
high Nessus Plugin ID 16141
Language:
Synopsis
The remote print service is affected by multiple vulnerabilities.Description
According to its banner, the version of CUPS installed on the remote host is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to multiple vulnerabilities :- A remotely exploitable buffer overflow in the 'hpgltops' filter that enable specially crafted HPGL files can execute arbitrary commands as the CUPS 'lp' account.
- A local user may be able to prevent anyone from changing their password until a temporary copy of the new password file is cleaned up (lppasswd flaw).
- A local user may be able to add arbitrary content to the password file by closing the stderr file descriptor while running lppasswd (lppasswd flaw).
- A local attacker may be able to truncate the CUPS password file, thereby denying service to valid clients using digest authentication. (lppasswd flaw).
- The application applies ACLs to incoming print jobs in a case-sensitive fashion. Thus, an attacker can bypass restrictions by changing the case in printer names when submitting jobs. [Fixed in 1.1.21.]
Solution
Upgrade to CUPS 1.1.23 or later.See Also
http://www.cups.org/str.php?L700
Plugin Details
Severity: High
ID: 16141
File Name: cups_multiple_vulnerabilities.nasl
Version: 1.26
Type: remote
Family: Misc.
Published: 1/12/2005
Updated: 7/6/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:apple:cups
Required KB Items: Settings/ParanoidReport, www/cups
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 12/16/2004
Reference Information
CVE: CVE-2004-1267, CVE-2004-1268, CVE-2004-1269, CVE-2004-1270, CVE-2005-2874