ID CVE-2015-1159 Type cve Reporter NVD Modified 2017-09-22T21:29:00
Description
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
{"f5": [{"lastseen": "2016-03-19T09:01:42", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": " * [CVE-2015-1158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158>)\n\nA string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allows the attacker to run arbitrary code on the CUPS server.\n\n * [CVE-2015-1159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1159>)\n\nA cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web.\n", "reporter": "f5", "published": "2015-06-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159", "type": "f5", "bulletinFamily": "software", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/700/sol16794.html", "id": "SOL16794", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-09-05T16:45:32", "references": ["http://cwe.mitre.org/data/definitions/79.html", "http://www.cups.org/blog.php?L1082+I0+Q", "http://www.cups.org/blog.php?L1082+I0+Q", "http://cwe.mitre.org/data/definitions/911.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1159", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1158", "https://www.cups.org/str.php?L4609"], "description": "### Overview\n\nCUPS implements the Internet Printing Protocol (IPP) for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error.\n\n### Description\n\n[**CWE-911**](<http://cwe.mitre.org/data/definitions/911.html>)**: Improper Update of Reference Count - **CVE-2015-1158 \n\nAn issue with how localized strings are handled in `cupsd` allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap. The dangling pointer causes ACL verification to fail when parsing `'admin/conf'` and` ``'admin'` ACLs. The ACL handling failure results in unrestricted access to privileged operations, allowing an unauthenticated remote user to upload a replacement CUPS configuration file and mount further attacks. \n \nThis vulnerability was introduced in CUPS 1.2.0, released in 2006. All major versions of CUPS from 1.2 to 2.0 are vulnerable. This vulnerability is exploitable by default and without any special permissions other than the ability to send a print job request. \n \n[**CWE-79**](<http://cwe.mitre.org/data/definitions/79.html>)**: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - **CVE-2015-1159 \n \nA cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web._ _In certain cases, the CGI template can echo user input to file rather than escaping the text first. This may be used to set up a reflected XSS attack in the QUERY parameter of the web interface help page. By default, many linux distributions run with the web interface activated; OS X has the web interface deactivated by default. \n \nThe CVSS score below is based on CVE-2015-1158. \n \n--- \n \n### Impact\n\nCVE-2015-1158 may allow a remote unauthenticated attacker access to privileged operations on the CUPS server. CVE-2015-1159 may allow an attacker to execute arbitrary javascript in a user's browser. \n \n--- \n \n### Solution\n\n**Apply an update** \n \nA [patch](<http://www.cups.org/blog.php?L1082+I0+Q>) addressing these issues has been released for all supported versions of CUPS. For the version 2.0 branch (the latest release), 2.0.3 contains the patch. Affected users are encouraged to update as soon as possible. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple| | 06 May 2015| 08 May 2015 \nFreeBSD Project| | 08 May 2015| 10 Jun 2015 \nopenSUSE project| | 08 May 2015| 10 Jun 2015 \nSUSE Linux| | 08 May 2015| 10 Jun 2015 \nCentOS| | 08 May 2015| 08 May 2015 \nDebian GNU/Linux| | 08 May 2015| 08 May 2015 \nDesktopBSD| | 08 May 2015| 08 May 2015 \nDragonFly BSD Project| | 08 May 2015| 08 May 2015 \nEMC Corporation| | 08 May 2015| 08 May 2015 \nF5 Networks, Inc.| | 08 May 2015| 08 May 2015 \nFedora Project| | 08 May 2015| 08 May 2015 \nGentoo Linux| | 08 May 2015| 08 May 2015 \nHewlett-Packard Company| | 08 May 2015| 08 May 2015 \nHitachi| | 08 May 2015| 08 May 2015 \nIBM Corporation| | 08 May 2015| 08 May 2015 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23810572 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C \nTemporal | 7.3 | E:POC/RL:OF/RC:C \nEnvironmental | 5.5 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND \n \n### References\n\n * <http://www.cups.org/blog.php?L1082+I0+Q>\n * <https://www.cups.org/str.php?L4609>\n\n### Credit\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n * CVE IDs: [CVE-2015-1158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1158>) [CVE-2015-1159](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1159>)\n * Date Public: 08 Jun 2015\n * Date First Published: 09 Jun 2015\n * Date Last Updated: 10 Jun 2015\n * Document Revision: 42\n\n", "edition": 5, "reporter": "CERT", "published": "2015-06-09T00:00:00", "title": "CUPS print service is vulnerable to privilege escalation and cross-site scripting", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-1158", "CVE-2015-1158", "CVE-2015-1158", "CVE-2015-1158", "CVE-2015-1158", "CVE-2015-1159", "CVE-2015-1159", "CVE-2015-1159", "CVE-2015-1159"], "modified": "2015-06-10T00:00:00", "id": "VU:810572", "href": "https://www.kb.cert.org/vuls/id/810572", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:51:56", "references": ["2015-9726", "https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160444.html"], "pluginID": "1361412562310869513", "description": "Check the version of cups", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-07T00:00:00", "title": "Fedora Update for cups FEDORA-2015-9726", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cups FEDORA-2015-9726\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869513\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:21:21 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for cups FEDORA-2015-9726\");\n script_tag(name: \"summary\", value: \"Check the version of cups\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"CUPS printing system provides a portable\nprinting layer for UNIX operating systems. It has been developed by Apple Inc.\nto promote a standard printing solution for all UNIX vendors and users. CUPS\nprovides the System V and Berkeley command-line interfaces.\n\");\n script_tag(name: \"affected\", value: \"cups on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-9726\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160444.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~2.0.3~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:04", "references": ["http://www.ubuntu.com/usn/usn-2629-1/", "2629-1"], "pluginID": "1361412562310842238", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-11T00:00:00", "title": "Ubuntu Update for cups USN-2629-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842238", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for cups USN-2629-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842238\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-11 06:31:10 +0200 (Thu, 11 Jun 2015)\");\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for cups USN-2629-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that CUPS incorrectly\nhandled reference counting when handling localized strings. A remote attacker\ncould use this issue to escalate permissions, upload a replacement CUPS\nconfiguration file, and execute arbitrary code. (CVE-2015-1158)\n\nIt was discovered that the CUPS templating engine contained a cross-site\nscripting issue. A remote attacker could use this issue to bypass default\nconfiguration settings. (CVE-2015-1159)\");\n script_tag(name:\"affected\", value:\"cups on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2629-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2629-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.7.5-3ubuntu3.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.7.2-0ubuntu1.6\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.5.3-0ubuntu8.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:39:53", "references": ["https://www.exploit-db.com/exploits/37336", "https://www.kb.cert.org/vuls/id/810572"], "pluginID": "1361412562310105298", "description": "Various versions of CUPS are vulnerable\nto a privilege escalation due to a memory management error.", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-15T00:00:00", "title": "CUPS < 2.0.3 Multiple Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310105298", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105298", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cups_CVE_2015_1158.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# CUPS < 2.0.3 Multiple Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:cups\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105298\");\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_bugtraq_id(75098, 75106);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 11872 $\");\n\n script_name(\"CUPS < 2.0.3 Multiple Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"https://www.kb.cert.org/vuls/id/810572\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/37336\");\n\n script_tag(name:\"impact\", value:\"CVE-2015-1158 may allow a remote unauthenticated\nattacker access to privileged operations on the CUPS server. CVE-2015-1159 may allow\nan attacker to execute arbitrary javascript in a user's browser.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP GET request\nand check whether it is able to read cookie or not\");\n\n script_tag(name:\"insight\", value:\"CVE-2015-1158:\nAn issue with how localized strings are handled in cupsd allows a reference\ncounter to over-decrement when handling certain print job request errors. As a\nresult, an attacker can prematurely free an arbitrary string of global scope,\ncreating a dangling pointer to a repurposed block of memory on the heap. The\ndangling pointer causes ACL verification to fail when parsing 'admin/conf' and\n'admin' ACLs. The ACL handling failure results in unrestricted access to\nprivileged operations, allowing an unauthenticated remote user to upload a\nreplacement CUPS configuration file and mount further attacks.\n\nCVE-2015-1159:\nA cross-site scripting bug in the CUPS templating engine allows this bug to be\nexploited when a user browses the web. In certain cases, the CGI template can\necho user input to file rather than escaping the text first. This may be used\nto set up a reflected XSS attack in the QUERY parameter of the web interface\nhelp page. By default, many linux distributions run with the web interface\nactivated, OS X has the web interface deactivated by default.\");\n\n script_tag(name:\"solution\", value:\"A patch addressing these issues has been\nreleased for all supported versions of CUPS. For the version 2.0 branch (the latest\nrelease), 2.0.3 contains the patch.\");\n\n script_tag(name:\"summary\", value:\"Various versions of CUPS are vulnerable\nto a privilege escalation due to a memory management error.\");\n\n script_tag(name:\"affected\", value:\"CUPS < 2.0.3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"exploit\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-15 15:24:12 +0200 (Mon, 15 Jun 2015)\");\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_cups_detect.nasl\");\n script_require_ports(\"Services/www\", 631);\n script_mandatory_keys(\"CUPS/installed\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!cupsPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nurl = \"/help/?QUERY=%3Ca%20href=%22%20%3E%3Cscript%3Ealert%28document.cooki\" +\n \"e%29%3C/script%3E%3C!--&SEARCH=Search\";\n\nif(http_vuln_check(port:cupsPort, url:url, pattern:\"script>alert\\(document.cookie\\)</script>\",\n extra_check: make_list(\">Online Help\", \"CUPS\"), check_header:TRUE))\n{\n report = report_vuln_url( port:cupsPort, url:url );\n security_message(port:cupsPort, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:40:31", "references": ["https://security.gentoo.org/glsa/201510-07"], "pluginID": "1361412562310121420", "description": "Gentoo Linux Local Security Checks GLSA 201510-07", "edition": 7, "reporter": "Eero Volotinen", "published": "2015-11-08T00:00:00", "title": "Gentoo Security Advisory GLSA 201510-07", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201510-07.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121420\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-08 13:04:39 +0200 (Sun, 08 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201510-07\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in cups. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201510-07\");\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201510-07\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-print/cups\", unaffected: make_list(\"ge 2.0.3\"), vulnerable: make_list(\"lt 2.0.3\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:22", "references": ["http://www.debian.org/security/2015/dsa-3283.html"], "pluginID": "1361412562310703283", "description": "It was discovered that CUPS, the\nCommon UNIX Printing System, is vulnerable to a remotely triggerable privilege\nescalation via cross-site scripting and bad print job submission used to replace\ncupsd.conf on the CUPS server.", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-06-09T00:00:00", "title": "Debian Security Advisory DSA 3283-1 (cups - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703283", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3283.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3283-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703283\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_name(\"Debian Security Advisory DSA 3283-1 (cups - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-09 00:00:00 +0200 (Tue, 09 Jun 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3283.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"cups on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Common UNIX Printing System (or\nCUPS(tm)) is a printing system and general replacement for lpd and the like.\nIt supports the Internet Printing Protocol (IPP), and has its own filtering\ndriver model for handling various document types.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.5.3-5+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.7.5-11+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.7.5-12.\n\nWe recommend that you upgrade your cups packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that CUPS, the\nCommon UNIX Printing System, is vulnerable to a remotely triggerable privilege\nescalation via cross-site scripting and bad print job submission used to replace\ncupsd.conf on the CUPS server.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:53:21", "references": ["http://www.debian.org/security/2015/dsa-3283.html"], "pluginID": "703283", "description": "It was discovered that CUPS, the\nCommon UNIX Printing System, is vulnerable to a remotely triggerable privilege\nescalation via cross-site scripting and bad print job submission used to replace\ncupsd.conf on the CUPS server.", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-06-09T00:00:00", "title": "Debian Security Advisory DSA 3283-1 (cups - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703283", "id": "OPENVAS:703283", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3283.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3283-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703283);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_name(\"Debian Security Advisory DSA 3283-1 (cups - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-09 00:00:00 +0200 (Tue, 09 Jun 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3283.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"cups on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Common UNIX Printing System (or\nCUPS(tm)) is a printing system and general replacement for lpd and the like.\nIt supports the Internet Printing Protocol (IPP), and has its own filtering\ndriver model for handling various document types.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.5.3-5+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.7.5-11+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.7.5-12.\n\nWe recommend that you upgrade your cups packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that CUPS, the\nCommon UNIX Printing System, is vulnerable to a remotely triggerable privilege\nescalation via cross-site scripting and bad print job submission used to replace\ncupsd.conf on the CUPS server.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1:amd64\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1:i386\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.5.3-5+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:22", "references": ["http://linux.oracle.com/errata/ELSA-2015-1123.html"], "pluginID": "1361412562310123098", "description": "Oracle Linux Local Security Checks ELSA-2015-1123", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-1123", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123098", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123098", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1123.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123098\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:21 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1123\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1123 - cups security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1123\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1123.html\");\n script_cve_id(\"CVE-2014-9679\", \"CVE-2015-1158\", \"CVE-2015-1159\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.6.3~17.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.6.3~17.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.6.3~17.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-filesystem\", rpm:\"cups-filesystem~1.6.3~17.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-ipptool\", rpm:\"cups-ipptool~1.6.3~17.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.6.3~17.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.6.3~17.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.2~67.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.4.2~67.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.4.2~67.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.4.2~67.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.4.2~67.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:10", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160577.html", "2015-9801"], "pluginID": "1361412562310869456", "description": "Check the version of cups", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-21T00:00:00", "title": "Fedora Update for cups FEDORA-2015-9801", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869456", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cups FEDORA-2015-9801\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869456\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-21 05:54:54 +0200 (Sun, 21 Jun 2015)\");\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\", \"CVE-2014-9679\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for cups FEDORA-2015-9801\");\n script_tag(name: \"summary\", value: \"Check the version of cups\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"CUPS printing system provides a portable printing layer for\nUNIX operating systems. It has been developed by Apple Inc.\nto promote a standard printing solution for all UNIX vendors and users.\nCUPS provides the System V and Berkeley command-line interfaces.\n\");\n script_tag(name: \"affected\", value: \"cups on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-9801\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160577.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.7.5~17.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:31:35", "references": ["https://alas.aws.amazon.com/ALAS-2015-559.html"], "pluginID": "1361412562310120032", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2015-559", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-559.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120032\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:15:44 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-559\");\n script_tag(name:\"insight\", value:\"A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158 )A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. (CVE-2015-1159 )An integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially-crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash. (CVE-2014-9679 )\");\n script_tag(name:\"solution\", value:\"Run yum update cups to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-559.html\");\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\", \"CVE-2014-9679\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.4.2~67.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.4.2~67.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.4.2~67.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.4.2~67.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.2~67.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.4.2~67.21.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:00:52", "references": ["2015:1041_1"], "pluginID": "1361412562310850876", "description": "The remote host is missing an update for the ", "edition": 11, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "title": "SuSE Update for cups SUSE-SU-2015:1041-1 (cups)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310850876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1041_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for cups SUSE-SU-2015:1041-1 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850876\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:21:21 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2012-5519\", \"CVE-2015-1158\", \"CVE-2015-1159\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for cups SUSE-SU-2015:1041-1 (cups)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n\n * CVE-2015-1158: Improper Update of Reference Count\n\n * CVE-2015-1159: Cross-Site Scripting\");\n script_tag(name:\"affected\", value:\"cups on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1041_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client-debuginfo\", rpm:\"cups-client-debuginfo~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debugsource\", rpm:\"cups-debugsource~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-debuginfo\", rpm:\"cups-libs-debuginfo~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-debuginfo-32bit\", rpm:\"cups-libs-debuginfo-32bit~1.7.5~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"SLES12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-client-debuginfo\", rpm:\"cups-client-debuginfo~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-debugsource\", rpm:\"cups-debugsource~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-debuginfo\", rpm:\"cups-libs-debuginfo~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs-debuginfo-32bit\", rpm:\"cups-libs-debuginfo-32bit~1.7.5~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:57:20", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1221642", "https://bugzilla.redhat.com/show_bug.cgi?id=1221641", "http://www.nessus.org/u?dda586f0"], "pluginID": "84311", "description": "This update fixed 2 security flaws.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-06-22T00:00:00", "title": "Fedora 21 : cups-1.7.5-17.fc21 (2015-9801)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:cups"], "id": "FEDORA_2015-9801.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-9801.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84311);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:22:35 $\");\n\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_xref(name:\"FEDORA\", value:\"2015-9801\");\n\n script_name(english:\"Fedora 21 : cups-1.7.5-17.fc21 (2015-9801)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixed 2 security flaws.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221642\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160577.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dda586f0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"cups-1.7.5-17.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:50", "references": ["https://security.gentoo.org/glsa/201510-07"], "pluginID": "86692", "description": "The remote host is affected by the vulnerability described in GLSA-201510-07 (CUPS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cups. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2015-11-02T00:00:00", "title": "GLSA-201510-07 : CUPS: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-11-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:cups"], "id": "GENTOO_GLSA-201510-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201510-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86692);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/11/02 14:33:25 $\");\n\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_xref(name:\"GLSA\", value:\"201510-07\");\n\n script_name(english:\"GLSA-201510-07 : CUPS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201510-07\n(CUPS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cups. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201510-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CUPS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-2.0.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-print/cups\", unaffected:make_list(\"ge 2.0.3\"), vulnerable:make_list(\"lt 2.0.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CUPS\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:05", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1221642", "https://bugzilla.redhat.com/show_bug.cgi?id=1221641", "http://www.nessus.org/u?a751aa69"], "pluginID": "84310", "description": "New upstream bug-fix release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-06-22T00:00:00", "title": "Fedora 22 : cups-2.0.3-1.fc22 (2015-9726)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cups", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-9726.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84310", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-9726.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84310);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:22:35 $\");\n\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_xref(name:\"FEDORA\", value:\"2015-9726\");\n\n script_name(english:\"Fedora 22 : cups-2.0.3-1.fc22 (2015-9726)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream bug-fix release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1221642\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a751aa69\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"cups-2.0.3-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:01:12", "references": ["https://www.kb.cert.org/vuls/id/810572", "https://cups.org/blog.php?L1082", "http://www.nessus.org/u?405b2fa9"], "pluginID": "84070", "description": "CUPS development team reports :\n\nThe new release addresses two security vulnerabilities, add localizations for German and Russian, and includes several general bug fixes. Changes include :\n\nSecurity: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159 exploiting the dynamic linker (STR #4609)\n\nSecurity: The scheduler could hang with malformed gzip data (STR #4602)", "edition": 5, "reporter": "Tenable", "published": "2015-06-10T00:00:00", "title": "FreeBSD : cups -- multiple vulnerabilities (a40ec970-0efa-11e5-90e4-d050996490d0)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:cups-base", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A40EC9700EFA11E590E4D050996490D0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84070", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84070);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n\n script_name(english:\"FreeBSD : cups -- multiple vulnerabilities (a40ec970-0efa-11e5-90e4-d050996490d0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CUPS development team reports :\n\nThe new release addresses two security vulnerabilities, add\nlocalizations for German and Russian, and includes several general bug\nfixes. Changes include :\n\nSecurity: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159 exploiting\nthe dynamic linker (STR #4609)\n\nSecurity: The scheduler could hang with malformed gzip data (STR\n#4602)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://cups.org/blog.php?L1082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kb.cert.org/vuls/id/810572\"\n );\n # https://vuxml.freebsd.org/freebsd/a40ec970-0efa-11e5-90e4-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?405b2fa9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cups-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"cups-base<2.0.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:41:50", "references": ["https://packages.debian.org/source/jessie/cups", "https://www.debian.org/security/2015/dsa-3283", "https://packages.debian.org/source/wheezy/cups"], "pluginID": "84063", "description": "It was discovered that CUPS, the Common UNIX Printing System, is vulnerable to a remotely triggerable privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on the CUPS server.", "edition": 5, "reporter": "Tenable", "published": "2015-06-10T00:00:00", "title": "Debian DSA-3283-1 : cups - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:cups", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3283.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84063", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3283. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84063);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_xref(name:\"DSA\", value:\"3283\");\n\n script_name(english:\"Debian DSA-3283-1 : cups - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CUPS, the Common UNIX Printing System, is\nvulnerable to a remotely triggerable privilege escalation via\ncross-site scripting and bad print job submission used to replace\ncupsd.conf on the CUPS server.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/cups\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/cups\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3283\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cups packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.5.3-5+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.7.5-11+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"cups\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"cups-bsd\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"cups-client\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"cups-common\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"cups-dbg\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"cups-ppdc\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"cupsddk\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcups2\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcups2-dev\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupscgi1\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupscgi1-dev\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupsdriver1\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupsdriver1-dev\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupsimage2\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupsimage2-dev\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupsmime1\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupsmime1-dev\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupsppdc1\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcupsppdc1-dev\", reference:\"1.5.3-5+deb7u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups-bsd\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups-client\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups-common\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups-core-drivers\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups-daemon\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups-dbg\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups-ppdc\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"cups-server-common\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcups2\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcups2-dev\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcupscgi1\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcupscgi1-dev\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcupsimage2\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcupsimage2-dev\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcupsmime1\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcupsmime1-dev\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcupsppdc1\", reference:\"1.7.5-11+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcupsppdc1-dev\", reference:\"1.7.5-11+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:15", "references": ["https://packages.debian.org/source/squeeze-lts/cups", "https://lists.debian.org/debian-lts-announce/2015/06/msg00003.html"], "pluginID": "84061", "description": "Two critical vulnerabilities have been found in the CUPS printing system :\n\nCVE-2015-1158 - Improper Update of Reference Count Cupsd uses reference-counted strings with global scope. When parsing a print job request, cupsd over-decrements the reference count for a string from the request. As a result, an attacker can prematurely free an arbitrary string of global scope. They can use this to dismantle ACL’s protecting privileged operations, and upload a replacement configuration file, and subsequently run arbitrary code on a target machine.\n\nThis bug is exploitable in default configurations, and does not require any special permissions other than the basic ability to print.\n\nCVE-2015-1159 - Cross-Site Scripting A cross-site scripting bug in the CUPS templating engine allows the above bug to be exploited when a user browses the web. This XSS is reachable in the default configuration for Linux instances of CUPS, and allows an attacker to bypass default configuration settings that bind the CUPS scheduler to the ‘localhost’ or loopback interface.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-06-10T00:00:00", "title": "Debian DLA-239-1 : cups security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libcupsdriver1", "p-cpe:/a:debian:debian_linux:cups-client", "p-cpe:/a:debian:debian_linux:cups", "p-cpe:/a:debian:debian_linux:libcupsimage2", "p-cpe:/a:debian:debian_linux:libcupsmime1", "p-cpe:/a:debian:debian_linux:libcupscgi1-dev", "p-cpe:/a:debian:debian_linux:libcups2", "p-cpe:/a:debian:debian_linux:libcupsppdc1", "p-cpe:/a:debian:debian_linux:cups-common", "p-cpe:/a:debian:debian_linux:libcups2-dev", "p-cpe:/a:debian:debian_linux:cups-ppdc", "p-cpe:/a:debian:debian_linux:cups-dbg", "p-cpe:/a:debian:debian_linux:libcupscgi1", "p-cpe:/a:debian:debian_linux:cupsddk", "p-cpe:/a:debian:debian_linux:libcupsdriver1-dev", "p-cpe:/a:debian:debian_linux:libcupsimage2-dev", "p-cpe:/a:debian:debian_linux:libcupsppdc1-dev", "p-cpe:/a:debian:debian_linux:cups-bsd", "p-cpe:/a:debian:debian_linux:libcupsmime1-dev"], "id": "DEBIAN_DLA-239.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84061", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-239-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84061);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_bugtraq_id(75098, 75106);\n\n script_name(english:\"Debian DLA-239-1 : cups security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two critical vulnerabilities have been found in the CUPS printing\nsystem :\n\nCVE-2015-1158 - Improper Update of Reference Count Cupsd uses\nreference-counted strings with global scope. When parsing a print job\nrequest, cupsd over-decrements the reference count for a string from\nthe request. As a result, an attacker can prematurely free an\narbitrary string of global scope. They can use this to dismantle\nACL’s protecting privileged operations, and upload a replacement\nconfiguration file, and subsequently run arbitrary code on a target\nmachine.\n\nThis bug is exploitable in default configurations, and does not\nrequire any special permissions other than the basic ability to print.\n\nCVE-2015-1159 - Cross-Site Scripting A cross-site scripting bug in the\nCUPS templating engine allows the above bug to be exploited when a\nuser browses the web. This XSS is reachable in the default\nconfiguration for Linux instances of CUPS, and allows an attacker to\nbypass default configuration settings that bind the CUPS scheduler to\nthe ‘localhost’ or loopback interface.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/06/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/cups\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups-bsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups-ppdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cupsddk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcups2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupscgi1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupscgi1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupsdriver1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupsdriver1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupsimage2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupsimage2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupsmime1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupsmime1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupsppdc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcupsppdc1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"cups\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-bsd\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-client\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-common\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-dbg\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-ppdc\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cupsddk\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcups2\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcups2-dev\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupscgi1\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupscgi1-dev\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsdriver1\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsdriver1-dev\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsimage2\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsimage2-dev\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsmime1\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsmime1-dev\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsppdc1\", reference:\"1.4.4-7+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsppdc1-dev\", reference:\"1.4.4-7+squeeze8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-16T16:48:23", "references": ["https://cups.org/blog.php?L1082", "https://github.com/apple/cups/issues/4609"], "pluginID": "84149", "description": "According to its banner, the CUPS printer service running on the remote host is a version prior to 2.0.3. It is, therefore, potentially affected by the following vulnerabilities :\n\n - A privilege escalation vulnerability exists due to a flaw in cupsd when handling printer job request errors.\n An unauthenticated, remote attacker can exploit this, with a specially crafted request, to prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap, resulting ACL verification to fail when parsing 'admin/conf' and 'admin' ACLs. This allows an attacker to upload a replacement CUPS configuration file.\n (CVE-2015-1158)\n\n - A cross-site scripting vulnerability exists due to improper sanitization of user-supplied input to the 'QUERY' parameter of the help page. This allows a remote attacker, with a specially crafted request, to execute arbitrary script code. (CVE-2015-1159)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2015-06-12T00:00:00", "title": "CUPS < 2.0.3 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:apple:cups"], "id": "CUPS_2_0_3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84149);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_bugtraq_id(75098);\n script_xref(name:\"CERT\", value:\"810572\");\n\n script_name(english:\"CUPS < 2.0.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the CUPS server version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote printer service is potentially affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the CUPS printer service running on the\nremote host is a version prior to 2.0.3. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - A privilege escalation vulnerability exists due to a\n flaw in cupsd when handling printer job request errors.\n An unauthenticated, remote attacker can exploit this,\n with a specially crafted request, to prematurely free an\n arbitrary string of global scope, creating a dangling\n pointer to a repurposed block of memory on the heap, \n resulting ACL verification to fail when parsing\n 'admin/conf' and 'admin' ACLs. This allows an attacker\n to upload a replacement CUPS configuration file.\n (CVE-2015-1158)\n\n - A cross-site scripting vulnerability exists due to\n improper sanitization of user-supplied input to the\n 'QUERY' parameter of the help page. This allows a remote\n attacker, with a specially crafted request, to execute\n arbitrary script code. (CVE-2015-1159)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # Blog\n script_set_attribute(attribute:\"see_also\", value:\"https://cups.org/blog.php?L1082\");\n # Bug\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/apple/cups/issues/4609\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to CUPS version 2.0.3 or later. Alternatively, apply the patch\nprovided by the vendor.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:cups\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"cups_1_3_5.nasl\");\n script_require_keys(\"www/cups\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 631);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:631, embedded:TRUE);\nget_kb_item_or_exit(\"www/\"+port+\"/cups/running\");\n\nversion = get_kb_item_or_exit(\"cups/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"cups/\"+port+\"/source\");\n\nif (version =~ \"^(2|2\\.0)($|[^0-9br.])\") audit(AUDIT_VER_NOT_GRANULAR, \"CUPS\", port, version);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# Affected :\n# x.x.x < 2.0.3\nif (\n version =~ \"^1\\.\" ||\n version =~ \"^2\\.0\\.[0-2]($|[^0-9.])\" ||\n version =~ \"^2\\.0(rc|b)\"\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.3' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"CUPS\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:20:57", "references": ["https://usn.ubuntu.com/2629-1/"], "pluginID": "84117", "description": "It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. (CVE-2015-1158)\n\nIt was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings. (CVE-2015-1159).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-06-11T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : cups vulnerabilities (USN-2629-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:cups", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2629-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84117", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2629-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84117);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-1158\", \"CVE-2015-1159\");\n script_bugtraq_id(75098);\n script_xref(name:\"USN\", value:\"2629-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : cups vulnerabilities (USN-2629-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CUPS incorrectly handled reference counting\nwhen handling localized strings. A remote attacker could use this\nissue to escalate permissions, upload a replacement CUPS configuration\nfile, and execute arbitrary code. (CVE-2015-1158)\n\nIt was discovered that the CUPS templating engine contained a\ncross-site scripting issue. A remote attacker could use this issue to\nbypass default configuration settings. (CVE-2015-1159).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2629-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cups\", pkgver:\"1.5.3-0ubuntu8.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cups\", pkgver:\"1.7.2-0ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cups\", pkgver:\"1.7.5-3ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"cups\", pkgver:\"2.0.2-1ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:01", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-June/005130.html", "https://oss.oracle.com/pipermail/el-errata/2015-June/005129.html"], "pluginID": "84256", "description": "From Red Hat Security Advisory 2015:1123 :\n\nUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar operating systems.\n\nA string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. (CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash.\n(CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and CVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.", "edition": 5, "reporter": "Tenable", "published": "2015-06-18T00:00:00", "title": "Oracle Linux 6 / 7 : cups (ELSA-2015-1123)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:cups", "p-cpe:/a:oracle:linux:cups-filesystem", "p-cpe:/a:oracle:linux:cups-libs", "p-cpe:/a:oracle:linux:cups-php", "p-cpe:/a:oracle:linux:cups-devel", "p-cpe:/a:oracle:linux:cups-client", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:cups-lpd", "p-cpe:/a:oracle:linux:cups-ipptool"], "id": "ORACLELINUX_ELSA-2015-1123.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1123 and \n# Oracle Linux Security Advisory ELSA-2015-1123 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84256);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:58\");\n\n script_cve_id(\"CVE-2014-9679\", \"CVE-2015-1158\", \"CVE-2015-1159\");\n script_bugtraq_id(72594, 75098, 75106);\n script_xref(name:\"RHSA\", value:\"2015:1123\");\n\n script_name(english:\"Oracle Linux 6 / 7 : cups (ELSA-2015-1123)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1123 :\n\nUpdated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems.\n\nA string reference count bug was found in cupsd, causing premature\nfreeing of string objects. An attacker can submit a malicious print\njob that exploits this flaw to dismantle ACLs protecting privileged\noperations, allowing a replacement configuration file to be uploaded\nwhich in turn allows the attacker to run arbitrary code in the CUPS\nserver (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating\nengine. An attacker could use this flaw to bypass the default\nconfiguration settings that bind the CUPS scheduler to the 'localhost'\nor loopback interface. (CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found\nin the way cups handled compressed raster image files. An attacker\ncould create a specially crafted image file, which when passed via the\ncups Raster filter, could cause the cups filter to crash.\n(CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158\nand CVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthis update, the cupsd daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005129.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005130.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-ipptool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"cups-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-devel-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-libs-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-lpd-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-php-1.4.2-67.el6_6.1\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cups-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cups-client-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cups-devel-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cups-filesystem-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cups-ipptool-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cups-libs-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cups-lpd-1.6.3-17.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-client / cups-devel / cups-filesystem / cups-ipptool / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:26", "references": ["https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000319.html"], "pluginID": "84257", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - CVE-2015-1158, CVE-2015-1159, CVE-2014-9679 (bug #1229982).", "edition": 7, "reporter": "Tenable", "published": "2015-06-18T00:00:00", "title": "OracleVM 3.3 : cups (OVMSA-2015-0071)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:cups", "p-cpe:/a:oracle:vm:cups-libs"], "id": "ORACLEVM_OVMSA-2015-0071.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84257", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0071.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84257);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2014-9679\", \"CVE-2015-1158\", \"CVE-2015-1159\");\n script_bugtraq_id(72594, 75098, 75106);\n\n script_name(english:\"OracleVM 3.3 : cups (OVMSA-2015-0071)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2015-1158, CVE-2015-1159, CVE-2014-9679 (bug\n #1229982).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000319.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cups / cups-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"cups-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"cups-libs-1.4.2-67.el6_6.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-libs\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:51", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1158", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1159", "https://bugs.gentoo.org/show_bug.cgi?id=551846"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.0.3", "packageName": "net-print/cups", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nCUPS, the Common Unix Printing System, is a full-featured print server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in cups. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll CUPS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-2.0.3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2015-10-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "CUPS: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-10-31T00:00:00", "id": "GLSA-201510-07", "href": "https://security.gentoo.org/glsa/201510-07", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:16", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1159", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1158"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.5.3-0ubuntu8.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cups", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.7.2-0ubuntu1.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cups", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "2.0.2-1ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cups", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.7.5-3ubuntu3.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cups", "operator": "lt"}], "description": "It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. (CVE-2015-1158)\n\nIt was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings. (CVE-2015-1159)", "edition": 3, "reporter": "Ubuntu", "published": "2015-06-10T00:00:00", "title": "CUPS vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-10T00:00:00", "id": "USN-2629-1", "href": "https://usn.ubuntu.com/2629-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:06", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "cups-ppdc_1.4.4-7+squeeze8_all.deb", "packageName": "cups-ppdc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupsmime1_1.4.4-7+squeeze8_all.deb", "packageName": "libcupsmime1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupsdriver1-dev_1.4.4-7+squeeze8_all.deb", "packageName": "libcupsdriver1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupsppdc1-dev_1.4.4-7+squeeze8_all.deb", "packageName": "libcupsppdc1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupsppdc1_1.4.4-7+squeeze8_all.deb", "packageName": "libcupsppdc1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "cups-dbg_1.4.4-7+squeeze8_all.deb", "packageName": "cups-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupscgi1-dev_1.4.4-7+squeeze8_all.deb", "packageName": "libcupscgi1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcups2-dev_1.4.4-7+squeeze8_all.deb", "packageName": "libcups2-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupsimage2_1.4.4-7+squeeze8_all.deb", "packageName": "libcupsimage2", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupsimage2-dev_1.4.4-7+squeeze8_all.deb", "packageName": "libcupsimage2-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "cupsddk_1.4.4-7+squeeze8_all.deb", "packageName": "cupsddk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupsdriver1_1.4.4-7+squeeze8_all.deb", "packageName": "libcupsdriver1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "cups-bsd_1.4.4-7+squeeze8_all.deb", "packageName": "cups-bsd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcups2_1.4.4-7+squeeze8_all.deb", "packageName": "libcups2", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "cups-client_1.4.4-7+squeeze8_all.deb", "packageName": "cups-client", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "cups_1.4.4-7+squeeze8_all.deb", "packageName": "cups", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupscgi1_1.4.4-7+squeeze8_all.deb", "packageName": "libcupscgi1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "cups-common_1.4.4-7+squeeze8_all.deb", "packageName": "cups-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1.4.4-7+squeeze8", "arch": "all", "packageFilename": "libcupsmime1-dev_1.4.4-7+squeeze8_all.deb", "packageName": "libcupsmime1-dev", "operator": "lt"}], "description": "Package : cups\nVersion : 1.4.4-7+squeeze8\nCVE ID : CVE-2015-1158 CVE-2015-1159\n\nTwo critical vulnerabilities have been found in the CUPS printing \nsystem:\n\nCVE-2015-1158 - Improper Update of Reference Count\n Cupsd uses reference-counted strings with global scope. When parsing\n a print job request, cupsd over-decrements the reference count for a\n string from the request. As a result, an attacker can prematurely\n free an arbitrary string of global scope. They can use this to \n dismantle ACL\u2019s protecting privileged operations, and upload a\n replacement configuration file, and subsequently run arbitrary code\n on a target machine.\n\n This bug is exploitable in default configurations, and does not\n require any special permissions other than the basic ability to\n print.\n\nCVE-2015-1159 - Cross-Site Scripting \n A cross-site scripting bug in the CUPS templating engine allows the\n above bug to be exploited when a user browses the web. This XSS is\n reachable in the default configuration for Linux instances of CUPS,\n and allows an attacker to bypass default configuration settings that\n bind the CUPS scheduler to the \u2018localhost\u2019 or loopback interface.\n\n", "edition": 1, "reporter": "Debian", "published": "2015-06-09T10:27:37", "title": "[SECURITY] [DLA 239-1] cups security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:06", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-09T10:27:37", "id": "DEBIAN:DLA-239-1:10F45", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00003.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:49:14", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups-dbg_1.7.5-11+deb8u1_all.deb", "packageName": "cups-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.5.3-5+deb7u6", "arch": "all", "packageFilename": "cups_1.5.3-5+deb7u6_all.deb", "packageName": "cups", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcupscgi1-dev_1.7.5-11+deb8u1_all.deb", "packageName": "libcupscgi1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcupsppdc1-dev_1.7.5-11+deb8u1_all.deb", "packageName": "libcupsppdc1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups-core-drivers_1.7.5-11+deb8u1_all.deb", "packageName": "cups-core-drivers", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcups2-dev_1.7.5-11+deb8u1_all.deb", "packageName": "libcups2-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups-server-common_1.7.5-11+deb8u1_all.deb", "packageName": "cups-server-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcups2_1.7.5-11+deb8u1_all.deb", "packageName": "libcups2", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups-bsd_1.7.5-11+deb8u1_all.deb", "packageName": "cups-bsd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups_1.7.5-11+deb8u1_all.deb", "packageName": "cups", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups-common_1.7.5-11+deb8u1_all.deb", "packageName": "cups-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups-daemon_1.7.5-11+deb8u1_all.deb", "packageName": "cups-daemon", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcupsmime1-dev_1.7.5-11+deb8u1_all.deb", "packageName": "libcupsmime1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcupsimage2-dev_1.7.5-11+deb8u1_all.deb", "packageName": "libcupsimage2-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcupsppdc1_1.7.5-11+deb8u1_all.deb", "packageName": "libcupsppdc1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcupsmime1_1.7.5-11+deb8u1_all.deb", "packageName": "libcupsmime1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups-client_1.7.5-11+deb8u1_all.deb", "packageName": "cups-client", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcupsimage2_1.7.5-11+deb8u1_all.deb", "packageName": "libcupsimage2", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "cups-ppdc_1.7.5-11+deb8u1_all.deb", "packageName": "cups-ppdc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.7.5-11+deb8u1", "arch": "all", "packageFilename": "libcupscgi1_1.7.5-11+deb8u1_all.deb", "packageName": "libcupscgi1", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3283-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 09, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : cups\nCVE ID : CVE-2015-1158 CVE-2015-1159\n\nIt was discovered that CUPS, the Common UNIX Printing System, is\nvulnerable to a remotely triggerable privilege escalation via cross-site\nscripting and bad print job submission used to replace cupsd.conf on the\nCUPS server.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.5.3-5+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.7.5-11+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.7.5-12.\n\nWe recommend that you upgrade your cups packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-06-09T20:25:07", "title": "[SECURITY] [DSA 3283-1] cups security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:14", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-09T20:25:07", "id": "DEBIAN:DSA-3283-1:BE2B4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00178.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2629-1\r\nJune 10, 2015\r\n\r\ncups vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in CUPS.\r\n\r\nSoftware Description:\r\n- cups: Common UNIX Printing System(tm)\r\n\r\nDetails:\r\n\r\nIt was discovered that CUPS incorrectly handled reference counting when\r\nhandling localized strings. A remote attacker could use this issue to\r\nescalate permissions, upload a replacement CUPS configuration file, and\r\nexecute arbitrary code. (CVE-2015-1158)\r\n\r\nIt was discovered that the CUPS templating engine contained a cross-site\r\nscripting issue. A remote attacker could use this issue to bypass default\r\nconfiguration settings. (CVE-2015-1159)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n cups 2.0.2-1ubuntu3.1\r\n\r\nUbuntu 14.10:\r\n cups 1.7.5-3ubuntu3.2\r\n\r\nUbuntu 14.04 LTS:\r\n cups 1.7.2-0ubuntu1.6\r\n\r\nUbuntu 12.04 LTS:\r\n cups 1.5.3-0ubuntu8.7\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2629-1\r\n CVE-2015-1158, CVE-2015-1159\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/cups/2.0.2-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/cups/1.7.5-3ubuntu3.2\r\n https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.6\r\n https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.7\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-06-14T00:00:00", "title": "[USN-2629-1] CUPS vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:59", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-14T00:00:00", "id": "SECURITYVULNS:DOC:32208", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32208", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32208"], "description": "Code execution, crossite scripting.", "edition": 1, "reporter": "UBUNTU", "published": "2015-06-14T00:00:00", "title": "CUPS security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:00", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "cups", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-14T00:00:00", "id": "SECURITYVULNS:VULN:14537", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14537", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:40", "references": ["https://www.kb.cert.org/vuls/id/810572", "https://cups.org/blog.php?L1082"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cups-base", "operator": "lt"}], "description": "\nCUPS development team reports:\n\nThe new release addresses two security vulnerabilities,\n\t add localizations for German and Russian, and includes\n\t several general bug fixes. Changes include:\nSecurity: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159\n\t exploiting the dynamic linker (STR #4609)\nSecurity: The scheduler could hang with malformed\n\t gzip data (STR #4602)\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-06-09T00:00:00", "title": "cups -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-09T00:00:00", "id": "A40EC970-0EFA-11E5-90E4-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/a40ec970-0efa-11e5-90e4-d050996490d0.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:23:53", "references": [], "edition": 1, "description": "", "reporter": "Google Security Research", "published": "2015-06-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "packetstorm", "title": "CUPS XSS / String Handling / Improper Teardown", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-22T00:00:00", "href": "https://packetstormsecurity.com/files/132389/CUPS-XSS-String-Handling-Improper-Teardown.html", "id": "PACKETSTORM:132389", "sourceData": "`Source: http://googleprojectzero.blogspot.se/2015/06/owning-internet-printing-case-study-in.html \n \nAbstract \n \nModern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs become unexploitable, and others become difficult to exploit, requiring application or even bug-specific knowledge that cannot be reused. The practical effect of exploit mitigations against any given bug or class of bugs is the subject of great debate amongst security researchers. \n \nDespite mitigations, skilled and determined attackers alike remain undeterred. They cope by finding more bugs, and by crafting increasingly complex exploit chains. Attackers treat these exploits as closely-guarded, increasingly valuable secrets, and it's rare to see publicly-available full-fledged exploit chains. This visibility problem contributes to an attacker's advantage in the short term, but hinders broader innovation. \n \nIn this blog post, I describe an exploit chain for several bugs I discovered in CUPS, an open-source printing suite. I start by analyzing a relatively-subtle bug in CUPS string handling (CVE-2015-1158), an exploit primitive. I discuss key design and implementation choices that contributed to this bug. I then discuss how to build an exploit using the primitive. Next, I describe a second implementation error (CVE-2015-1159) that compounds the effect of the first, exposing otherwise unreachable instances of CUPS. Finally, I discuss the specific features and configuration options of CUPS that either helped or hindered exploitation. \n \nBy publishing this analysis, I hope to encourage transparent discourse on the state of exploits and mitigations, and inspire other researchers to do the same. \n \nSummary \n \nCupsd uses reference-counted strings with global scope. When parsing a print job request, cupsd can be forced to over-decrement the reference count for a string from the request. As a result, an attacker can prematurely free an arbitrary string of global scope. I use this to dismantle ACL's protecting privileged operations, upload a replacement configuration file, then run arbitrary code. \n \nThe reference count over-decrement is exploitable in default configurations, and does not require any special permissions other than the basic ability to print. A cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web. The XSS is reachable in the default configuration for Linux instances of CUPS, and allows an attacker to bypass default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. \n \nExploitation is near-deterministic, and does not require complex memory-corruption 'acrobatics'. Reliability is not affected by traditional exploit mitigations. \nBackground \n \nImproper Teardown - Reference Count Over-Decrement (CVE-2015-1158) \n \nWhen freeing localized multi-value attributes, the reference count on the language string is over-decremented when creating a print job whose 'job-originating-host-name' attribute has more than one value. In 'add_job()', cupsd incorrectly frees the 'language' field for all strings in a group, instead of using 'ipp_free_values()'. \n \nscheduler/ipp.c:1626: \n \n/* \n* Free old strings\u2026 \u2190 Even 'old' strings need to be freed. \n*/ \n \nfor (i = 0; i < attr->num_values; i ++) \n{ \n_cupsStrFree(attr->values[i].string.text); \nattr->values[i].string.text = NULL; \nif (attr->values[i].string.language) \u2190 for all values in an attribute \n{ \n_cupsStrFree(attr->values[i].string.language); \u2190 free the 'language' string \nattr->values[i].string.language = NULL; \n} \n} \n \nIn this case, 'language' field comes from the value of the 'attributes-natural-language' attribute in the request. \n \nTo specifically target a string and free it, we send a 'IPP_CREATE_JOB' or 'IPP_PRINT_JOB' request with a multi-value 'job-originating-host-name' attribute. The number of 'job-originating-host-name' values controls how many times the reference count is decremented. For a 10-value attribute, the reference count for 'language' is increased once, but decremented 10 times. \n \nThe over-decrement prematurely frees the heap block for the target string. The actual block address will be quickly re-used by subsequent allocations. \n \nDangling pointers to the block remain, but the content they point to changes when blocks are freed or reused. This is the basic exploit primitive upon which we build. \n \n \nA Reflected XSS in the Web Interface (CVE-2015-1159) \n \nThe template engine is only vaguely context-aware, and only supports HTML. Template parsing and variable substitution and escaping are handled in 'cgi_copy()'. \n \nThe template engine has 2 special cases for 'href' attributes from HTML links. The first case 'cgi_puturi()' is unused in current templates, but the second case ends up being interesting. \n \nThe code is found in 'cgi_puts()', and escapes the following reserved HTML characters: \n<>\"'& \n \nThese are replaced with their HTML entity equivalents ('<' etc...). \n \nThe function contains a curious special case to deal with HTML links in variable values. Here is a code snippet, from cgi-bin/template.c:650: \n \nif (*s == '<') \n{ \n/* \n* Pass <A HREF=\"url\"> and </A>, otherwise quote it... \n*/ \n \nif (!_cups_strncasecmp(s, \"<A HREF=\\\"\", 9)) \n{ \nfputs(\"<A HREF=\\\"\", out); \ns += 9; \n \nwhile (*s && *s != '\\\"') \n{ \nif (*s == '&') \nfputs(\"&\", out); \nelse \nputc(*s, out); \n \ns ++; \n} \n \nif (*s) \ns ++; \n \nfputs(\"\\\">\", out); \n} \n \nFor variable values containing '<a href=\"', all subsequent characters before a closing double-quote are subject to less restrictive escaping, where only the '&' character is escaped. The characters <>', and a closing \" would normally be escaped, but are echoed unaltered in this context. \n \nNote that the data being escaped here is client-supplied input, the variable value from the CGI argument. This code may have been intended to deal with links passed as CGI arguments. However, the template engine's limited context-awareness becomes an issue. \n \nTake this example from templates/help-header.tmp:19: \n \n<P CLASS=\"l0\"><A HREF=\"/help/{QUERY??QUERY={QUERY}:}\">All Documents</A></P> \n \nIn this case, the CGI argument 'QUERY' is already contained inside a 'href' attribute of a link. If 'QUERY' starts with '<a href=\"', the double-quote will close the 'href' attribute opened in the static portion of the template. The remainder of the 'QUERY' variable will be interpreted as HTML tags. \n \nRequesting the following URI will demonstrate this reflected XSS: \nhttp://localhost:631/help/?QUERY=%3Ca%20href=%22%20%3E%3Cscript%3Ealert%28%27Linux%20crickets%20chirping%20for%20a%20patch%27%29%3C/script%3E%3C!--&SEARCH=Search \n \nThe 'QUERY' parametre is included in the page twice, leading to multiple unbalanced double-quotes. As such, the open comment string '<!--' is used to yield a HTML page that parses without errors. \n \n \nUpstream Fixes \n \nApple Fix (April 16, 2015): \nhttps://support.apple.com/kb/DL1807 \n \nOfficial CUPS fix for downstream vendors (June 8, 2015): \nhttps://www.cups.org/str.php?L4609 \nhttp://www.cups.org/blog.php?L1082+I0+Q \n \nProject Zero Bug \n \nFor those interested, the sample exploit can be found here: \n \nhttps://code.google.com/p/google-security-research/issues/detail?id=455 \nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37336.tar.gz \n \nDisclosure Timeline \n \nMarch 20th, 2015 - Initial notification to Apple \nApril 16th, 2015 - Apple ships fix in Mac OS X 10.10.3 \nJune 8th, 2015 - CUPS ships official fix in CUPS 2.0.3 \nJune 18th, 2015 - Disclosure + 90 days \nJune 19th, 2015 - P0 publication \n \nAttack Surface Reduction in CUPS 2.0.3+ \n \nCUPS 2.0.3 and 2.1 beta contains several prescient implementation changes to limit the risk and impact of future similar bugs: \n \nConfiguration value strings are now logically separated from the string pool, allocated by strdup() instead. \nLD_* and DYLD_* environment variables are blocked when CUPS is running as root. \nThe localhost listener is removed when 'WebInterface' is disabled (2.1 beta only). \n \nAcknowledgements \n \nThanks to Ben Hawkes, Stephan Somogyi, and Mike Sweet for their comments and edits. \n \nConclusion \n \nNo one prints anything anymore anyways. \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/132389/cups-xss.txt", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1159", "https://bugs.archlinux.org/task/45279", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158", "https://www.cups.org/str.php?L4609"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "2.0.3-1", "packageName": "cups", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2015-1158 (arbitrary code execution, privilege escalation)\n\nAn issue with how localized strings are handled in cupsd allows a\nreference counter to over-decrement when handling certain print job\nrequest errors. As a result, an attacker can prematurely free an\narbitrary string of global scope, creating a dangling pointer to a\nrepurposed block of memory on the heap. The dangling pointer causes ACL\nverification to fail when parsing 'admin/conf' and 'admin' ACLs. The ACL\nhandling failure results in unrestricted access to privileged\noperations, allowing an unauthenticated remote user to upload a\nreplacement CUPS configuration file and mount further attacks.\n\n- CVE-2015-1159 (cross-side scripting)\n\nA cross-site scripting bug in the CUPS templating engine allows this bug\nto be exploited when a user browses the web. In certain cases, the CGI\ntemplate can echo user input to file rather than escaping the text\nfirst. This may be used to set up a reflected XSS attack in the QUERY\nparameter of the web interface help page. By default, many linux\ndistributions run with the web interface activated.", "reporter": "Arch Linux", "published": "2015-06-10T00:00:00", "title": "cups: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-10T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html", "id": "ASA-201506-2", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:36:14", "references": ["https://bugzilla.suse.com/924208"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-libs-debuginfo", "packageFilename": "cups154-libs-debuginfo-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-debuginfo", "packageFilename": "cups154-debuginfo-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-filters-debuginfo", "packageFilename": "cups154-filters-debuginfo-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-libs-debuginfo", "packageFilename": "cups154-libs-debuginfo-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-client-debuginfo", "packageFilename": "cups154-client-debuginfo-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-debugsource", "packageFilename": "cups154-debugsource-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-debuginfo", "packageFilename": "cups154-debuginfo-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-filters", "packageFilename": "cups154-filters-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-libs", "packageFilename": "cups154-libs-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-filters-debuginfo", "packageFilename": "cups154-filters-debuginfo-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154", "packageFilename": "cups154-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-client-debuginfo", "packageFilename": "cups154-client-debuginfo-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154", "packageFilename": "cups154-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-libs", "packageFilename": "cups154-libs-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-client", "packageFilename": "cups154-client-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-debugsource", "packageFilename": "cups154-debugsource-1.5.4-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-client", "packageFilename": "cups154-client-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "packageName": "cups154-filters", "packageFilename": "cups154-filters-1.5.4-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-11T19:04:58", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "title": "Security update for cups154 (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "modified": "2015-06-11T19:04:58", "id": "SUSE-SU-2015:1044-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:30:36", "references": ["https://bugzilla.suse.com/924208"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-client", "packageFilename": "cups-client-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-libs", "packageFilename": "cups-libs-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-ddk", "packageFilename": "cups-ddk-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-libs-debuginfo-32bit", "packageFilename": "cups-libs-debuginfo-32bit-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-ddk", "packageFilename": "cups-ddk-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-devel", "packageFilename": "cups-devel-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-ddk-debuginfo", "packageFilename": "cups-ddk-debuginfo-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-libs-32bit", "packageFilename": "cups-libs-32bit-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-libs-debuginfo", "packageFilename": "cups-libs-debuginfo-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-client-debuginfo", "packageFilename": "cups-client-debuginfo-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups", "packageFilename": "cups-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups", "packageFilename": "cups-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-libs-debuginfo", "packageFilename": "cups-libs-debuginfo-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-libs", "packageFilename": "cups-libs-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-libs-32bit", "packageFilename": "cups-libs-32bit-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-client-debuginfo", "packageFilename": "cups-client-debuginfo-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-client", "packageFilename": "cups-client-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-libs-debuginfo", "packageFilename": "cups-libs-debuginfo-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-libs-debuginfo-32bit", "packageFilename": "cups-libs-debuginfo-32bit-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-client-debuginfo", "packageFilename": "cups-client-debuginfo-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-ddk-debuginfo", "packageFilename": "cups-ddk-debuginfo-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-client-debuginfo", "packageFilename": "cups-client-debuginfo-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-libs-debuginfo", "packageFilename": "cups-libs-debuginfo-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-devel", "packageFilename": "cups-devel-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-libs", "packageFilename": "cups-libs-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-client", "packageFilename": "cups-client-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups", "packageFilename": "cups-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.5.4-12.20.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-ddk", "packageFilename": "cups-ddk-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-ddk", "packageFilename": "cups-ddk-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups", "packageFilename": "cups-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-devel", "packageFilename": "cups-devel-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-devel", "packageFilename": "cups-devel-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.5.4-12.20.1", "packageName": "cups-ddk-debuginfo", "packageFilename": "cups-ddk-debuginfo-1.5.4-12.20.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-ddk-debuginfo", "packageFilename": "cups-ddk-debuginfo-1.5.4-21.9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-client", "packageFilename": "cups-client-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "1.5.4-21.9.1", "packageName": "cups-libs", "packageFilename": "cups-libs-1.5.4-21.9.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "This update fixes the following issues:\n\n - CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation\n via cross-site scripting and bad print job submission used to replace\n cupsd.conf on server (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158\n CVE-2015-1159 bugzilla.suse.com bsc#924208). In general it is crucial to\n limit access to CUPS to trustworthy users who do not misuse their\n permission to submit print jobs which means to upload arbitrary data\n onto the CUPS server, see\n <a rel=\"nofollow\" href=\"https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings\">https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings</a> and cf. the\n entries about CVE-2012-5519 below.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-12T21:05:05", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "title": "Security update for cups (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "modified": "2015-06-12T21:05:05", "id": "OPENSUSE-SU-2015:1056-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:47:49", "references": ["https://bugzilla.suse.com/924208"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-filters-debuginfo-1.5.4-9.1.s390x.rpm", "packageName": "cups154-filters-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-debugsource-1.5.4-9.1.s390x.rpm", "packageName": "cups154-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-client-1.5.4-9.1.s390x.rpm", "packageName": "cups154-client", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-filters-1.5.4-9.1.s390x.rpm", "packageName": "cups154-filters", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-libs-1.5.4-9.1.s390x.rpm", "packageName": "cups154-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-1.5.4-9.1.s390x.rpm", "packageName": "cups154", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-debuginfo-1.5.4-9.1.s390x.rpm", "packageName": "cups154-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-client-debuginfo-1.5.4-9.1.s390x.rpm", "packageName": "cups154-client-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Legacy Software", "OSVersion": "12", "packageVersion": "1.5.4-9.1", "arch": "s390x", "packageFilename": "cups154-libs-debuginfo-1.5.4-9.1.s390x.rpm", "packageName": "cups154-libs-debuginfo", "operator": "lt"}], "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-11T20:06:22", "title": "Security update for cups154 (critical)", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "modified": "2015-06-11T20:06:22", "id": "SUSE-SU-2015:1044-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00008.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:26:30", "references": ["https://bugzilla.suse.com/924208"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs", "packageFilename": "cups-libs-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups", "packageFilename": "cups-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups", "packageFilename": "cups-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-client-debuginfo", "packageFilename": "cups-client-debuginfo-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-devel", "packageFilename": "cups-devel-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-client-debuginfo", "packageFilename": "cups-client-debuginfo-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-debuginfo", "packageFilename": "cups-libs-debuginfo-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-client", "packageFilename": "cups-client-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-client-debuginfo", "packageFilename": "cups-client-debuginfo-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-devel", "packageFilename": "cups-devel-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-debuginfo", "packageFilename": "cups-libs-debuginfo-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-32bit", "packageFilename": "cups-libs-32bit-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs", "packageFilename": "cups-libs-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-client", "packageFilename": "cups-client-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-client-debuginfo", "packageFilename": "cups-client-debuginfo-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs", "packageFilename": "cups-libs-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-client", "packageFilename": "cups-client-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs", "packageFilename": "cups-libs-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-debuginfo", "packageFilename": "cups-libs-debuginfo-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-32bit", "packageFilename": "cups-libs-32bit-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-32bit", "packageFilename": "cups-libs-32bit-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-debuginfo-32bit", "packageFilename": "cups-libs-debuginfo-32bit-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups", "packageFilename": "cups-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-debuginfo-32bit", "packageFilename": "cups-libs-debuginfo-32bit-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-client", "packageFilename": "cups-client-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups", "packageFilename": "cups-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-devel", "packageFilename": "cups-devel-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-debuginfo", "packageFilename": "cups-libs-debuginfo-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debugsource", "packageFilename": "cups-debugsource-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-libs-debuginfo-32bit", "packageFilename": "cups-libs-debuginfo-32bit-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.7.5-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.7.5-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.7.5-9.1", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.7.5-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "edition": 1, "reporter": "Suse", "published": "2015-06-11T17:05:04", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "title": "Security update for cups (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "modified": "2015-06-11T17:05:04", "id": "SUSE-SU-2015:1041-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:10", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageName": "cups-debuginfo", "packageFilename": "cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm", "operator": "lt"}], "description": "CUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems.\n\nA string reference count bug was found in cupsd, causing premature freeing\nof string objects. An attacker can submit a malicious print job that\nexploits this flaw to dismantle ACLs protecting privileged operations,\nallowing a replacement configuration file to be uploaded which in turn\nallows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An \nattacker could use this flaw to bypass the default configuration settings \nthat bind the CUPS scheduler to the 'localhost' or loopback interface.\n(CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found in\nthe way cups handled compressed raster image files. An attacker could\ncreate a specially-crafted image file, which when passed via the cups\nRaster filter, could cause the cups filter to crash. (CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and \nCVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n", "reporter": "RedHat", "published": "2015-06-17T04:00:00", "type": "redhat", "title": "(RHSA-2015:1123) Important: cups security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:10", "id": "RHSA-2015:1123", "href": "https://access.redhat.com/errata/RHSA-2015:1123", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:44:54", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageFilename": "cups-1.4.2-67.el6_6.1.x86_64.rpm", "packageName": "cups", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageFilename": "cups-devel-1.4.2-67.el6_6.1.i686.rpm", "packageName": "cups-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageFilename": "cups-devel-1.4.2-67.el6_6.1.i686.rpm", "packageName": "cups-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageFilename": "cups-devel-1.6.3-17.el7_1.1.x86_64.rpm", "packageName": "cups-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageFilename": "cups-libs-1.4.2-67.el6_6.1.i686.rpm", "packageName": "cups-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageFilename": "cups-libs-1.4.2-67.el6_6.1.i686.rpm", "packageName": "cups-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageFilename": "cups-libs-1.4.2-67.el6_6.1.x86_64.rpm", "packageName": "cups-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "noarch", "packageFilename": "cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm", "packageName": "cups-filesystem", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageFilename": "cups-1.6.3-17.el7_1.1.x86_64.rpm", "packageName": "cups", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageFilename": "cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm", "packageName": "cups-lpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "src", "packageFilename": "cups-1.4.2-67.el6_6.1.src.rpm", "packageName": "cups", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "src", "packageFilename": "cups-1.4.2-67.el6_6.1.src.rpm", "packageName": "cups", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageFilename": "cups-client-1.6.3-17.el7_1.1.x86_64.rpm", "packageName": "cups-client", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "src", "packageFilename": "cups-1.6.3-17.el7_1.1.src.rpm", "packageName": "cups", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "i686", "packageFilename": "cups-libs-1.6.3-17.el7_1.1.i686.rpm", "packageName": "cups-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageFilename": "cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm", "packageName": "cups-lpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageFilename": "cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm", "packageName": "cups-ipptool", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageFilename": "cups-libs-1.6.3-17.el7_1.1.x86_64.rpm", "packageName": "cups-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageFilename": "cups-devel-1.4.2-67.el6_6.1.x86_64.rpm", "packageName": "cups-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageFilename": "cups-php-1.4.2-67.el6_6.1.x86_64.rpm", "packageName": "cups-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageFilename": "cups-php-1.4.2-67.el6_6.1.i686.rpm", "packageName": "cups-php", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "i686", "packageFilename": "cups-devel-1.6.3-17.el7_1.1.i686.rpm", "packageName": "cups-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageFilename": "cups-lpd-1.4.2-67.el6_6.1.i686.rpm", "packageName": "cups-lpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageFilename": "cups-1.4.2-67.el6_6.1.i686.rpm", "packageName": "cups", "operator": "lt"}], "description": "[1:1.4.2-67.1]\n- CVE-2015-1158, CVE-2015-1159, CVE-2014-9679 (bug #1229982).", "edition": 3, "reporter": "Oracle", "published": "2015-06-17T00:00:00", "title": "cups security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-17T00:00:00", "id": "ELSA-2015-1123", "href": "http://linux.oracle.com/errata/ELSA-2015-1123.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:09", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1123.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "i686", "packageFilename": "cups-php-1.4.2-67.21.amzn1.i686.rpm", "packageName": "cups-php", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "x86_64", "packageFilename": "cups-1.4.2-67.21.amzn1.x86_64.rpm", "packageName": "cups", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "x86_64", "packageFilename": "cups-devel-1.4.2-67.21.amzn1.x86_64.rpm", "packageName": "cups-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "x86_64", "packageFilename": "cups-php-1.4.2-67.21.amzn1.x86_64.rpm", "packageName": "cups-php", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "i686", "packageFilename": "cups-1.4.2-67.21.amzn1.i686.rpm", "packageName": "cups", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "src", "packageFilename": "cups-1.4.2-67.21.amzn1.src.rpm", "packageName": "cups", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "i686", "packageFilename": "cups-lpd-1.4.2-67.21.amzn1.i686.rpm", "packageName": "cups-lpd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "x86_64", "packageFilename": "cups-debuginfo-1.4.2-67.21.amzn1.x86_64.rpm", "packageName": "cups-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "i686", "packageFilename": "cups-devel-1.4.2-67.21.amzn1.i686.rpm", "packageName": "cups-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "i686", "packageFilename": "cups-libs-1.4.2-67.21.amzn1.i686.rpm", "packageName": "cups-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "x86_64", "packageFilename": "cups-libs-1.4.2-67.21.amzn1.x86_64.rpm", "packageName": "cups-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "x86_64", "packageFilename": "cups-lpd-1.4.2-67.21.amzn1.x86_64.rpm", "packageName": "cups-lpd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.4.2-67.21.amzn1", "arch": "i686", "packageFilename": "cups-debuginfo-1.4.2-67.21.amzn1.i686.rpm", "packageName": "cups-debuginfo", "operator": "lt"}], "description": "**Issue Overview:**\n\nA string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server ([CVE-2015-1158 __](<https://access.redhat.com/security/cve/CVE-2015-1158>))\n\nA cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. ([CVE-2015-1159 __](<https://access.redhat.com/security/cve/CVE-2015-1159>))\n\nAn integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially-crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash. ([CVE-2014-9679 __](<https://access.redhat.com/security/cve/CVE-2014-9679>))\n\n \n**Affected Packages:** \n\n\ncups\n\n \n**Issue Correction:** \nRun _yum update cups_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n cups-debuginfo-1.4.2-67.21.amzn1.i686 \n cups-libs-1.4.2-67.21.amzn1.i686 \n cups-php-1.4.2-67.21.amzn1.i686 \n cups-devel-1.4.2-67.21.amzn1.i686 \n cups-1.4.2-67.21.amzn1.i686 \n cups-lpd-1.4.2-67.21.amzn1.i686 \n \n src: \n cups-1.4.2-67.21.amzn1.src \n \n x86_64: \n cups-debuginfo-1.4.2-67.21.amzn1.x86_64 \n cups-php-1.4.2-67.21.amzn1.x86_64 \n cups-libs-1.4.2-67.21.amzn1.x86_64 \n cups-devel-1.4.2-67.21.amzn1.x86_64 \n cups-1.4.2-67.21.amzn1.x86_64 \n cups-lpd-1.4.2-67.21.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-07-07T22:26:00", "title": "Medium: cups", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:09", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-07-07T22:26:00", "id": "ALAS-2015-559", "href": "https://alas.aws.amazon.com/ALAS-2015-559.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:02", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1123.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "i686", "packageName": "cups-devel", "packageFilename": "cups-devel-1.6.3-17.el7_1.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageName": "cups", "packageFilename": "cups-1.6.3-17.el7_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageName": "cups-lpd", "packageFilename": "cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageName": "cups-php", "packageFilename": "cups-php-1.4.2-67.el6_6.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "i686", "packageName": "cups-libs", "packageFilename": "cups-libs-1.6.3-17.el7_1.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageName": "cups-libs", "packageFilename": "cups-libs-1.6.3-17.el7_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageName": "cups-devel", "packageFilename": "cups-devel-1.4.2-67.el6_6.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageName": "cups-devel", "packageFilename": "cups-devel-1.4.2-67.el6_6.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageName": "cups-devel", "packageFilename": "cups-devel-1.4.2-67.el6_6.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageName": "cups-lpd", "packageFilename": "cups-lpd-1.4.2-67.el6_6.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageName": "cups-ipptool", "packageFilename": "cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "any", "packageName": "cups", "packageFilename": "cups-1.4.2-67.el6_6.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "noarch", "packageName": "cups-filesystem", "packageFilename": "cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "any", "packageName": "cups", "packageFilename": "cups-1.6.3-17.el7_1.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageName": "cups", "packageFilename": "cups-1.4.2-67.el6_6.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageName": "cups-devel", "packageFilename": "cups-devel-1.6.3-17.el7_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.6.3-17.el7_1.1", "arch": "x86_64", "packageName": "cups-client", "packageFilename": "cups-client-1.6.3-17.el7_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageName": "cups-libs", "packageFilename": "cups-libs-1.4.2-67.el6_6.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageName": "cups", "packageFilename": "cups-1.4.2-67.el6_6.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageName": "cups-libs", "packageFilename": "cups-libs-1.4.2-67.el6_6.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageName": "cups-libs", "packageFilename": "cups-libs-1.4.2-67.el6_6.1.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "x86_64", "packageName": "cups-lpd", "packageFilename": "cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.4.2-67.el6_6.1", "arch": "i686", "packageName": "cups-php", "packageFilename": "cups-php-1.4.2-67.el6_6.1.i686.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:1123\n\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems.\n\nA string reference count bug was found in cupsd, causing premature freeing\nof string objects. An attacker can submit a malicious print job that\nexploits this flaw to dismantle ACLs protecting privileged operations,\nallowing a replacement configuration file to be uploaded which in turn\nallows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An \nattacker could use this flaw to bypass the default configuration settings \nthat bind the CUPS scheduler to the 'localhost' or loopback interface.\n(CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found in\nthe way cups handled compressed raster image files. An attacker could\ncreate a specially-crafted image file, which when passed via the cups\nRaster filter, could cause the cups filter to crash. (CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and \nCVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021178.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021179.html\n\n**Affected packages:**\ncups\ncups-client\ncups-devel\ncups-filesystem\ncups-ipptool\ncups-libs\ncups-lpd\ncups-php\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1123.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-06-18T11:29:43", "title": "cups security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "modified": "2015-06-18T11:30:45", "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021178.html", "id": "CESA-2015:1123", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
