CUPS Remote Command Execution via Shellshock
High Nessus Plugin ID 79804
Synopsis
The remote printer service is affected by a remote command execution vulnerability via Shellshock.
Description
The remote host appears to be running CUPS with the web-based interface enabled. A remote attacker can exploit CUPS to execute arbitrary commands via crafted fields during the creation or modification of a printer. The 'PRINTER_INFO' and 'PRINTER_LOCATION' fields can be configured to contain arbitrary commands, which are executed when a print job is submitted, provided the remote host is running a vulnerable version of Bash.
This plugin attempts to exploit this flaw by using user-supplied credentials to access the CUPS server and create a printer, then submitting a print request.
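As an added example (not part of the Nessus plugin), a defender can audit a CUPS server for printer definitions whose description or location fields start with a Bash function-definition prefix. The sketch assumes the usual printers.conf layout, in which Info and Location directives inside Printer blocks supply the PRINTER_INFO and PRINTER_LOCATION values; the function name and the sample file are constructed for illustration.

```python
import re

# A Shellshock-affected Bash treats an environment value that starts with
# "() {" as a function definition and keeps parsing whatever follows it.
FUNC_PREFIX = re.compile(r"^\(\)\s*\{")
# printers.conf directive -> environment variable named in the advisory
# (mapping is an assumption of this example).
AUDITED = {"Info": "PRINTER_INFO", "Location": "PRINTER_LOCATION"}


def audit_printers_conf(text):
    """Return (printer, env_var, value) for each suspicious Info/Location value."""
    findings = []
    printer = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"^<(?:Default)?Printer\s+(.+)>$", line)
        if opened:
            printer = opened.group(1)
            continue
        if line in ("</Printer>", "</DefaultPrinter>"):
            printer = None
            continue
        if printer is None:
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key in AUDITED and FUNC_PREFIX.match(value):
            findings.append((printer, AUDITED[key], value))
    return findings


# Constructed sample: one ordinary queue and one with a function-style Info value.
SAMPLE = """\
<Printer office-laser>
Info Second floor laser printer
Location Room 214
</Printer>
<Printer test-queue>
Info () { :; }; echo constructed-marker
Location Lab
</Printer>
"""

if __name__ == "__main__":
    for name, var, value in audit_printers_conf(SAMPLE):
        print(f"{name}: {var} looks like a Bash function definition: {value!r}")
```

A finding means the queue definition should be reviewed and removed or corrected; it does not replace patching Bash.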
Solution
Apply the referenced Bash patch.