CUPS < 1.1.23 Multiple Vulnerabilities

high Nessus Plugin ID 16141

Synopsis

The remote print service is affected by multiple vulnerabilities.

Description

According to its banner, the version of CUPS installed on the remote host is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to multiple vulnerabilities:

- A remotely exploitable buffer overflow in the 'hpgltops' filter allows specially crafted HPGL files to execute arbitrary commands as the CUPS 'lp' account.

- A local user may be able to prevent anyone from changing their password until a temporary copy of the new password file is cleaned up (lppasswd flaw).

- A local user may be able to add arbitrary content to the password file by closing the stderr file descriptor while running lppasswd (lppasswd flaw).

- A local attacker may be able to truncate the CUPS password file, thereby denying service to valid clients using digest authentication (lppasswd flaw).

- The application applies ACLs to incoming print jobs in a case-sensitive fashion. Thus, an attacker can bypass restrictions by changing the case in printer names when submitting jobs. [Fixed in 1.1.21.]

Solution

Upgrade to CUPS 1.1.23 or later.

See Also

http://www.cups.org/str.php?L700

http://www.cups.org/str.php?L1024

http://www.cups.org/str.php?L1023

Plugin Details

Severity: High

ID: 16141

File Name: cups_multiple_vulnerabilities.nasl

Version: 1.26

Type: remote

Family: Misc.

Published: 1/12/2005

Updated: 7/6/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/16/2004

Reference Information

CVE: CVE-2004-1267, CVE-2004-1268, CVE-2004-1269, CVE-2004-1270, CVE-2005-2874

BID: 11968, 12004, 12005, 12007, 12200, 14265

CWE: 119

FLSA: FEDORA-2004-559, FEDORA-2004-560

GLSA: GLSA-200412-25