CUPS < 1.1.23 Multiple Vulnerabilities

High Nessus Plugin ID 16141

Synopsis

The remote print service is affected by multiple vulnerabilities.

Description

According to its banner, the version of CUPS installed on the remote host is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to multiple vulnerabilities:

- A remotely exploitable buffer overflow in the 'hpgltops' filter that enables specially crafted HPGL files to execute arbitrary commands as the CUPS 'lp' account.

- A local user may be able to prevent anyone from changing their password until a temporary copy of the new password file is cleaned up (lppasswd flaw).

- A local user may be able to add arbitrary content to the password file by closing the stderr file descriptor while running lppasswd (lppasswd flaw).

- A local attacker may be able to truncate the CUPS password file, thereby denying service to valid clients using digest authentication (lppasswd flaw).

- The application applies ACLs to incoming print jobs in a case-sensitive fashion. Thus, an attacker can bypass restrictions by changing the case in printer names when submitting jobs. [Fixed in 1.1.21.]

Solution

Upgrade to CUPS 1.1.23 or later.

See Also

http://www.cups.org/str.php?L700

http://www.cups.org/str.php?L1024

http://www.cups.org/str.php?L1023

Plugin Details

Severity: High

ID: 16141

File Name: cups_multiple_vulnerabilities.nasl

Version: 1.26

Type: remote

Family: Misc.

Published: 2005/01/12

Updated: 2018/07/06

Dependencies: 10107

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2004/12/16

Reference Information

CVE: CVE-2004-1267, CVE-2004-1268, CVE-2004-1269, CVE-2004-1270, CVE-2005-2874

BID: 11968, 12004, 12005, 12007, 12200, 14265

FLSA: FEDORA-2004-559, FEDORA-2004-560

GLSA: GLSA-200412-25

CWE: 119