CUPS < 1.1.23 Multiple Vulnerabilities

This script is Copyright (C) 2005-2014 George A. Theall

Synopsis :

The remote print service is affected by multiple vulnerabilities.

Description :

According to its banner, the version of CUPS installed on the remote
host is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to
multiple vulnerabilities :

- A remotely exploitable buffer overflow in the 'hpgltops'
filter that enables specially crafted HPGL files to
execute arbitrary commands as the CUPS 'lp' account.

- A local user may be able to prevent anyone from changing
their password until a temporary copy of the new
file is cleaned up (lppasswd flaw).

- A local user may be able to add arbitrary content to the
password file by closing the stderr file descriptor
while running lppasswd (lppasswd flaw).

- A local attacker may be able to truncate the CUPS
password file, thereby denying service to valid clients
using digest authentication (lppasswd flaw).

- The application applies ACLs to incoming print jobs in a
case-sensitive fashion. Thus, an attacker can bypass
restrictions by changing the case in printer names when
submitting jobs. [Fixed in 1.1.21.]

Solution :

Upgrade to CUPS 1.1.23 or later.
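
To triage hosts against the affected range given above (1.0.4 through 1.1.22 inclusive), the following added example, which is not the plugin's own code, classifies a captured banner. It assumes the banner is an HTTP "Server:" header carrying a "CUPS/<version>" token; the function names and sample banners are constructed for illustration.

```python
import re

# Affected range as stated on this page: 1.0.4 through 1.1.22 inclusive.
AFFECTED_MIN = (1, 0, 4)
AFFECTED_MAX = (1, 1, 22)

# Assumption: the version appears as "CUPS/<x[.y[.z]]>" in the Server header.
_CUPS_TOKEN = re.compile(r"\bCUPS/(\d+(?:\.\d+){0,2})", re.IGNORECASE)


def parse_cups_version(banner):
    """Return the version as a tuple of 1-3 ints, or None if no CUPS token."""
    for line in banner.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "server":
            continue
        match = _CUPS_TOKEN.search(value)
        if match:
            return tuple(int(p) for p in match.group(1).split("."))
    return None


def classify(banner):
    """Return 'affected', 'not_affected', 'indeterminate' or 'not_cups'."""
    parts = parse_cups_version(banner)
    if parts is None:
        return "not_cups"
    n = len(parts)
    if n == 3:
        in_range = AFFECTED_MIN <= parts <= AFFECTED_MAX
        return "affected" if in_range else "not_affected"
    # A truncated banner such as "CUPS/1.1" hides the patch level. It is only
    # decidable when the whole release line lies outside the affected range.
    if parts < AFFECTED_MIN[:n] or parts > AFFECTED_MAX[:n]:
        return "not_affected"
    return "indeterminate"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "HTTP/1.1 200 OK\r\nServer: CUPS/1.1.22\r\n",
        "Server: CUPS/1.1.23",
        "Server: CUPS/1.1",
        "Server: Apache/2.4.1",
    ]
    for sample in samples:
        print(repr(sample), "->", classify(sample))
```

A banner-only result says nothing about vendor-backported fixes, and an 'indeterminate' host needs its installed package version checked directly.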

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 16141 (cups_multiple_vulnerabilities.nasl)

Bugtraq ID: 11968

CVE ID: CVE-2004-1267