CUPS < 2.0.3 Multiple Vulnerabilities

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote printer service is potentially affected by multiple
vulnerabilities.

Description :

According to its banner, the CUPS printer service running on the
remote host is a version prior to 2.0.3. It is, therefore, potentially
affected by the following vulnerabilities :

- A privilege escalation vulnerability exists due to a
flaw in cupsd when handling printer job request errors.
An unauthenticated, remote attacker can exploit this,
with a specially crafted request, to prematurely free an
arbitrary string of global scope, creating a dangling
pointer to a repurposed block of memory on the heap and
causing ACL verification to fail when parsing
'admin/conf' and 'admin' ACLs. This allows an attacker
to upload a replacement CUPS configuration file.
(CVE-2015-1158)

- A cross-site scripting vulnerability exists due to
improper sanitization of user-supplied input to the
'QUERY' parameter of the help page. This allows a remote
attacker, with a specially crafted request, to execute
arbitrary script code. (CVE-2015-1159)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
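
The banner-only check described above can be reproduced for triage. The following is an added example, not the plugin's own code: it assumes the banner is the HTTP Server header in the form "CUPS/major.minor.patch IPP/x.y" (cupsd's ServerTokens setting can shorten or remove it), and the function name and sample banners are constructed for illustration.

```python
import re

FIXED = (2, 0, 3)  # first fixed release named in this advisory

# Assumed banner shape: "CUPS/2.0.2 IPP/2.1"; the version may be partial or absent.
_BANNER = re.compile(r"\bCUPS(?:/(\d+(?:\.\d+){0,2}))?", re.IGNORECASE)


def classify_banner(server_header):
    """Return (verdict, reason) for a Server header value.

    Verdicts: not-cups, indeterminate, potentially-vulnerable, not-flagged.
    """
    m = _BANNER.search(server_header or "")
    if not m:
        return ("not-cups", "no CUPS product token in banner")
    if m.group(1) is None:
        return ("indeterminate", "product token only, no version disclosed")
    # Compare as integers so that 2.0.10 sorts after 2.0.3.
    parts = tuple(int(p) for p in m.group(1).split("."))
    prefix = FIXED[:len(parts)]  # compare only the components disclosed
    if parts < prefix:
        # Caveat: a build carrying the vendor patch keeps its old version
        # string, so this verdict still needs package-level confirmation.
        return ("potentially-vulnerable", "%s is below 2.0.3" % m.group(1))
    if parts > prefix or len(parts) == 3:
        return ("not-flagged", "%s is 2.0.3 or later" % m.group(1))
    return ("indeterminate", "%s does not disclose the patch level" % m.group(1))


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    for banner in ("CUPS/2.0.2 IPP/2.1", "CUPS/2.0.3 IPP/2.1", "CUPS/2.0 IPP/2.1",
                   "CUPS/1.7.5 IPP/2.1", "CUPS", "nginx/1.18.0", ""):
        print("%-22r %s" % (banner, classify_banner(banner)))
```

An "indeterminate" or "potentially-vulnerable" result should be resolved against the installed package version or the vendor's patch status rather than the banner alone.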

See also :

https://cups.org/blog.php?L1082
https://cups.org/str.php?L4609

Solution :

Upgrade to CUPS version 2.0.3 or later. Alternatively, apply the patch
provided by the vendor.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 84149

Bugtraq ID: 75098

CVE ID: CVE-2015-1158
CVE-2015-1159
