This script is Copyright (C) 2005-2014 George A. Theall
The remote print service is affected by multiple vulnerabilities.
According to its banner, the version of CUPS installed on the remote
host is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to
multiple vulnerabilities :
- A remotely exploitable buffer overflow in the 'hpgltops'
filter that enable specially-crafted HPGL files can
execute arbitrary commands as the CUPS 'lp' account.
- A local user may be able to prevent anyone from changing
their password until a temporary copy of the new
file is cleaned up (lppasswd flaw).
- A local user may be able to add arbitrary content to the
password file by closing the stderr file descriptor
while running lppasswd (lppasswd flaw).
- A local attacker may be able to truncate the CUPS
password file, thereby denying service to valid clients
using digest authentication. (lppasswd flaw).
- The application applies ACLs to incoming print jobs in a
case-sensitive fashion. Thus, an attacker can bypass
restrictions by changing the case in printer names when
submitting jobs. [Fixed in 1.1.21.]
See also :
Upgrade to CUPS 1.1.23 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true