CUPS 1.6.x >= 1.6.4 / 1.7.x < 1.7.1 lppasswd Information Disclosure

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote print service is potentially affected by an information
disclosure vulnerability.

Description :

According to its banner, the version of CUPS installed on the remote
host is 1.6.x greater or equal to 1.6.4 or 1.7.x earlier than 1.7.1.
It is, therefore, potentially affected by an information disclosure
vulnerability related to the 'lppasswd' binary, setuid settings, and
the use of '~/.cups/client.conf' files that could allow a local
attacker to obtain contents from arbitrary files in certain

See also :

Solution :

Upgrade to CUPS version 1.7.1 or later, or apply the vendor patch.

Risk factor :

Medium / CVSS Base Score : 4.7
CVSS Temporal Score : 4.1
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 71977 ()

Bugtraq ID: 64985

CVE ID: CVE-2013-6891

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now