Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2020-1506.NASL
HistoryOct 28, 2020 - 12:00 a.m.

Amazon Linux 2 : cups (ALAS-2020-1506)

2020-10-2800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

8.5 High

AI Score

Confidence

High

JSON

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1506 advisory.

  • A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
    (CVE-2017-18190)

  • A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#                                  
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1506.
##

include('compat.inc');

if (description)
{
  script_id(141996);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/13");

  script_cve_id("CVE-2017-18190", "CVE-2019-8675", "CVE-2019-8696");
  script_xref(name:"ALAS", value:"2020-1506");

  script_name(english:"Amazon Linux 2 : cups (ALAS-2020-1506)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by
multiple vulnerabilities as referenced in the ALAS2-2020-1506 advisory.

  - A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows
    remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in
    conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither
    the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
    (CVE-2017-18190)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave
    10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a
    privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1506.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2017-18190");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8675");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8696");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update cups' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8696");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-ipptool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-lpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

pkgs = [
    {'reference':'cups-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'cups-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'cups-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'cups-client-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'cups-client-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'cups-client-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'cups-debuginfo-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'cups-debuginfo-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'cups-debuginfo-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'cups-devel-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'cups-devel-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'cups-devel-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'cups-filesystem-1.6.3-51.amzn2', 'release':'AL2'},
    {'reference':'cups-ipptool-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'cups-ipptool-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'cups-ipptool-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'cups-libs-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'cups-libs-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'cups-libs-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'cups-lpd-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'cups-lpd-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'cups-lpd-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-client / cups-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxcupsp-cpe:/a:amazon:linux:cups
amazonlinuxcups-clientp-cpe:/a:amazon:linux:cups-client
amazonlinuxcups-debuginfop-cpe:/a:amazon:linux:cups-debuginfo
amazonlinuxcups-develp-cpe:/a:amazon:linux:cups-devel
amazonlinuxcups-filesystemp-cpe:/a:amazon:linux:cups-filesystem
amazonlinuxcups-ipptoolp-cpe:/a:amazon:linux:cups-ipptool
amazonlinuxcups-libsp-cpe:/a:amazon:linux:cups-libs
amazonlinuxcups-lpdp-cpe:/a:amazon:linux:cups-lpd
amazonlinux2cpe:/o:amazon:linux:2

Related

amazon 1
redhat 4
nessus 37
oraclelinux 2
centos 1
f5 2
ubuntu 2
openvas 26
suse 4
fedora 2
freebsd 1
debian 3
osv 6
redhatcve 3
prion 3
mageia 2
cve 3
veracode 3
alpinelinux 3
ubuntucve 3
debiancve 3
apple 2
amazon
amazon
Medium: cups
2020-10-22 17:24:00
redhat
redhat
(RHSA-2020:3864) Moderate: cups security and bug fix update
2020-09-29 07:38:43
(RHSA-2020:1765) Low: cups security and bug fix update
2020-04-28 09:13:14
(RHSA-2020:4264) Low: OpenShift Container Platform 4.3.40 security and bug fix update
2020-10-20 21:25:42
nessus
nessus
NewStart CGSL CORE 5.05 / MAIN 5.05 : cups Multiple Vulnerabilities (NS-SA-2021-0161)
2021-10-27 00:00:00
Scientific Linux Security Update : cups on SL7.x x86_64 (20201001)
2020-10-21 00:00:00
CentOS 7 : cups (CESA-2020:3864)
2020-10-20 00:00:00
oraclelinux
oraclelinux
cups security and bug fix update
2020-10-06 00:00:00
cups security and bug fix update
2020-05-05 00:00:00
centos
centos
cups security update
2020-10-20 17:51:56
f5
f5
K29110929 : MacOS vulnerabilities CVE-2019-8675, CVE-2019-8696
2022-05-04 00:00:00
K84301413 : CUPS vulnerability CVE-2017-18190
2022-07-21 00:00:00
ubuntu
ubuntu
CUPS vulnerabilities
2019-08-20 00:00:00
CUPS vulnerability
2018-02-21 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:3057-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-4105-1)
2019-08-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3030-1)
2021-06-09 00:00:00
suse
suse
Security update for cups (important)
2019-11-27 00:00:00
Security update for cups (important)
2019-11-27 00:00:00
Security update for cups (important)
2018-03-05 15:11:52
fedora
fedora
[SECURITY] Fedora 30 Update: cups-2.2.12-1.fc30
2019-09-03 12:32:45
[SECURITY] Fedora 29 Update: cups-2.2.8-12.fc29
2019-09-03 12:58:12
freebsd
freebsd
CUPS -- multiple vulnerabilities
2019-08-15 00:00:00
debian
debian
[SECURITY] [DLA 1893-1] cups security update
2019-08-22 20:45:14
[SECURITY] [DLA 1288-1] cups security update
2018-02-22 15:20:39
[SECURITY] [DLA 1412-1] cups security update
2018-07-03 19:00:03
osv
osv
cups - security update
2019-08-22 00:00:00
CVE-2017-18190
2018-02-16 17:29:00
cups - security update
2018-02-22 00:00:00
redhatcve
redhatcve
CVE-2017-18190
2019-05-14 11:52:20
CVE-2019-8675
2019-08-17 19:51:06
CVE-2019-8696
2019-08-17 19:51:47
prion
prion
Command injection
2018-02-16 17:29:00
Buffer overflow
2020-10-27 20:15:00
Buffer overflow
2020-10-27 20:15:00
mageia
mageia
Updated cups packages fix security vulnerability
2018-02-27 02:40:56
Updated cups packages fix security vulnerability
2020-06-11 01:26:12
cve
cve
CVE-2017-18190
2018-02-16 17:29:00
CVE-2019-8675
2020-10-27 20:15:00
CVE-2019-8696
2020-10-27 20:15:00
veracode
veracode
Arbitrary IPP Command Execution
2018-04-23 06:43:13
Denial Of Service (DoS)
2020-04-29 02:42:55
Denial Of Service (DoS)
2020-04-29 02:42:55
alpinelinux
alpinelinux
CVE-2017-18190
2018-02-16 17:29:00
CVE-2019-8675
2020-10-27 20:15:00
CVE-2019-8696
2020-10-27 20:15:00
ubuntucve
ubuntucve
CVE-2017-18190
2018-02-16 00:00:00
CVE-2019-8675
2019-08-14 00:00:00
CVE-2019-8696
2019-08-14 00:00:00
debiancve
debiancve
CVE-2017-18190
2018-02-16 17:29:00
CVE-2019-8675
2020-10-27 20:15:00
CVE-2019-8696
2020-10-27 20:15:00
apple
apple
About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
2019-07-22 00:00:00
About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra - Apple Support
2020-06-25 07:44:38

8.5 High

AI Score

Confidence

High

JSON
Related for AL2_ALAS-2020-1506.NASL
amazon1redhat4nessus37oraclelinux2centos1f52ubuntu2openvas26suse4fedora2freebsd1debian3osv6redhatcve3prion3mageia2cve3veracode3alpinelinux3ubuntucve3debiancve3apple2