CUPS 1.6.x >= 1.6.4 / 1.7.x < 1.7.1 lppasswd Information Disclosure

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote print service is potentially affected by an information
disclosure vulnerability.

Description :

According to its banner, the version of CUPS installed on the remote
host is 1.6.x greater or equal to 1.6.4 or 1.7.x earlier than 1.7.1.
It is, therefore, potentially affected by an information disclosure
vulnerability related to the 'lppasswd' binary, setuid settings, and
the use of '~/.cups/client.conf' files that could allow a local
attacker to obtain contents from arbitrary files in certain
configurations.

See also :

http://www.cups.org/str.php?L4319
https://www.cups.org/blog.php?L704

Solution :

Upgrade to CUPS version 1.7.1 or later, or apply the vendor patch.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 71977 ()

Bugtraq ID: 64985

CVE ID: CVE-2013-6891

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial