EulerOS Virtualization 3.0.1.0 : cups (EulerOS-SA-2019-1432)

high Nessus Plugin ID 124935

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the cups package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

- A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface.(CVE-2015-1159)

- It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system.(CVE-2014-5031)

- A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker could submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allowed the attacker to run arbitrary code on the CUPS server.(CVE-2015-1158)

- A cross-site scripting (XSS) flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface.(CVE-2014-2856)

- A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).(CVE-2017-18190)

- It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system.(CVE-2014-5030)

- It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system.(CVE-2014-3537)

- An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash.(CVE-2014-9679)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected cups packages.

See Also

http://www.nessus.org/u?f658fc1a

Plugin Details

Severity: High

ID: 124935

File Name: EulerOS_SA-2019-1432.nasl

Version: 1.8

Type: local

Published: 5/14/2019

Updated: 2/8/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:cups-libs, cpe:/o:huawei:euleros:uvp:3.0.1.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/8/2019

Reference Information

CVE: CVE-2014-2856, CVE-2014-3537, CVE-2014-5030, CVE-2014-5031, CVE-2014-9679, CVE-2015-1158, CVE-2015-1159, CVE-2017-18190

BID: 66788, 68788, 68846, 68847, 72594, 75098, 75106