CUPS Remote Command Execution via Shellshock

High Nessus Plugin ID 79804


The remote printer service is affected by a remote command execution vulnerability via Shellshock.


The remote host appears to be running CUPS with the web-based interface enabled. A remote attacker can exploit CUPS to execute arbitrary commands via crafted fields during the creation or modification of a printer. The 'PRINTER_INFO' and 'PRINTER_LOCATION' fields can be configured to contain arbitrary commands which will be executed when a print job is submitted, provided the remote host is running a vulnerable version of Bash.

This plugin attempts to exploit this flaw by using user-supplied credentials to access the CUPS server and create a printer, then submitting a print request.


Apply the referenced Bash patch.

See Also

Plugin Details

Severity: High

ID: 79804

File Name: cups_bash_rce.nbin

Version: $Revision: 1.28 $

Type: remote

Family: Misc.

Published: 2014/12/08

Modified: 2018/01/29

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:cups, cpe:/a:gnu:bash

Required KB Items: www/cups

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/09/26

Vulnerability Publication Date: 2014/09/24

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-6271, CVE-2014-7169

BID: 70103, 70137

OSVDB: 112004

CERT: 252743

EDB-ID: 34765, 34766, 34777

IAVA: 2014-A-0142