CUPS < 1.6.2 Multiple Vulnerabilities

high Nessus Plugin ID 65970

Synopsis

The remote print service is potentially affected by multiple vulnerabilities.

Description

According to its banner, the version of CUPS installed on the remote host is earlier than 1.6.2. It is, therefore, potentially affected by the following vulnerabilities :

- Permissions on the file '/var/run/cups/certs/0' could allow access to CUPS administration interface authentication key material and thus, the interface itself with admin rights. Additionally, users with admin rights can edit the configuration file and specify malicious commands that are then carried out with root user permissions. (CVE-2012-5519)

- Multiple errors exist related to the functions 'ippEnumString', 'ippReadIO', 'set_time', 'load_request_root' and 'http_resolve_cb' that could allow denial of service attacks.

Solution

Upgrade to CUPS version 1.6.2 or later, or apply the vendor patch.

See Also

https://www.cups.org/blog/2013-03-18-cups-1.6.2.html

https://github.com/apple/cups/issues/4223

https://github.com/apple/cups/issues/4242

https://www.openwall.com/lists/oss-security/2012/11/11/2

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791

Plugin Details

Severity: High

ID: 65970

File Name: cups_1_6_2.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 4/10/2013

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: Settings/ParanoidReport, www/cups

Exploit Ease: No known exploits are available

Patch Publication Date: 3/18/2013

Vulnerability Publication Date: 11/8/2012

Reference Information

CVE: CVE-2012-5519

BID: 56494