CentOS ProjectCESA-2005:571cups security update
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.5%
CentOS Errata and Security Advisory CESA-2005:571
The Common UNIX Printing System (CUPS) provides a portable printing layer for
UNIX® operating systems.
When processing a request, the CUPS scheduler would use case-sensitive
matching on the queue name to decide which authorization policy should be
used. However, queue names are not case-sensitive. An unauthorized user
could print to a password-protected queue without needing a password. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-2154 to this issue.
Please note that the version of CUPS included in Red Hat Enterprise Linux 4
is not vulnerable to this issue.
All users of CUPS should upgrade to these erratum packages which contain a
backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-July/074094.html
https://lists.centos.org/pipermail/centos-announce/2005-July/074095.html
https://lists.centos.org/pipermail/centos-announce/2005-July/074096.html
https://lists.centos.org/pipermail/centos-announce/2005-July/074097.html
Affected packages:
cups
cups-devel
cups-libs
Upstream details at:
https://access.redhat.com/errata/RHSA-2005:571
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 3 | ia64 | cups | < 1.1.17-13.3.29 | cups-1.1.17-13.3.29.ia64.rpm |
| CentOS | 3 | ia64 | cups-devel | < 1.1.17-13.3.29 | cups-devel-1.1.17-13.3.29.ia64.rpm |
| CentOS | 3 | ia64 | cups-libs | < 1.1.17-13.3.29 | cups-libs-1.1.17-13.3.29.ia64.rpm |
| CentOS | 3 | s390 | cups | < 1.1.17-13.3.29 | cups-1.1.17-13.3.29.s390.rpm |
| CentOS | 3 | s390 | cups-devel | < 1.1.17-13.3.29 | cups-devel-1.1.17-13.3.29.s390.rpm |
| CentOS | 3 | s390 | cups-libs | < 1.1.17-13.3.29 | cups-libs-1.1.17-13.3.29.s390.rpm |
| CentOS | 3 | s390x | cups | < 1.1.17-13.3.29 | cups-1.1.17-13.3.29.s390x.rpm |
| CentOS | 3 | s390x | cups-devel | < 1.1.17-13.3.29 | cups-devel-1.1.17-13.3.29.s390x.rpm |
| CentOS | 3 | s390x | cups-libs | < 1.1.17-13.3.29 | cups-libs-1.1.17-13.3.29.s390x.rpm |
| CentOS | 3 | i386 | cups | < 1.1.17-13.3.29 | cups-1.1.17-13.3.29.i386.rpm |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.5%