SynopsisThe remote CentOS host is missing one or more security updates.
DescriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1050 advisory.
- cups: Local privilege escalation to root due to insecure environment variable handling (CVE-2018-4180)
- cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root (CVE-2018-4181)
- cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpdate the affected cups packages.