CUPS < 1.1.23 Multiple Vulnerabilities

High Nessus Plugin ID 16141


The remote print service is affected by multiple vulnerabilities.


According to its banner, the version of CUPS installed on the remote host is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to multiple vulnerabilities:

- A remotely exploitable buffer overflow in the 'hpgltops' filter that enables specially crafted HPGL files to execute arbitrary commands as the CUPS 'lp' account.

- A local user may be able to prevent anyone from changing their password until a temporary copy of the new password file is cleaned up (lppasswd flaw).

- A local user may be able to add arbitrary content to the password file by closing the stderr file descriptor while running lppasswd (lppasswd flaw).

- A local attacker may be able to truncate the CUPS password file, thereby denying service to valid clients using digest authentication (lppasswd flaw).

- The application applies ACLs to incoming print jobs in a case-sensitive fashion. Thus, an attacker can bypass restrictions by changing the case in printer names when submitting jobs. [Fixed in 1.1.21.]


Upgrade to CUPS 1.1.23 or later.

Plugin Details

Severity: High

ID: 16141

File Name: cups_multiple_vulnerabilities.nasl

Version: 1.26

Type: remote

Family: Misc.

Published: 2005/01/12

Updated: 2018/07/06

Dependencies: 10107

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2004/12/16

Reference Information

CVE: CVE-2004-1267, CVE-2004-1268, CVE-2004-1269, CVE-2004-1270, CVE-2005-2874

BID: 11968, 12004, 12005, 12007, 12200, 14265

FLSA: FEDORA-2004-559, FEDORA-2004-560

GLSA: GLSA-200412-25

CWE: 119