The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1506 advisory.
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
(CVE-2017-18190)
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1506.
##
include('compat.inc');
if (description)
{
script_id(141996);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/13");
script_cve_id("CVE-2017-18190", "CVE-2019-8675", "CVE-2019-8696");
script_xref(name:"ALAS", value:"2020-1506");
script_name(english:"Amazon Linux 2 : cups (ALAS-2020-1506)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by
multiple vulnerabilities as referenced in the ALAS2-2020-1506 advisory.
- A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows
remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in
conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither
the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
(CVE-2017-18190)
- A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave
10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a
privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1506.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2017-18190");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8675");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8696");
script_set_attribute(attribute:"solution", value:
"Run 'yum update cups' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8696");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/16");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-filesystem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-ipptool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cups-lpd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
pkgs = [
{'reference':'cups-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'cups-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'cups-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'cups-client-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'cups-client-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'cups-client-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'cups-debuginfo-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'cups-debuginfo-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'cups-debuginfo-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'cups-devel-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'cups-devel-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'cups-devel-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'cups-filesystem-1.6.3-51.amzn2', 'release':'AL2'},
{'reference':'cups-ipptool-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'cups-ipptool-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'cups-ipptool-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'cups-libs-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'cups-libs-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'cups-libs-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'cups-lpd-1.6.3-51.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'cups-lpd-1.6.3-51.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'cups-lpd-1.6.3-51.amzn2', 'cpu':'x86_64', 'release':'AL2'}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-client / cups-debuginfo / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
amazon | linux | cups | p-cpe:/a:amazon:linux:cups |
amazon | linux | cups-client | p-cpe:/a:amazon:linux:cups-client |
amazon | linux | cups-debuginfo | p-cpe:/a:amazon:linux:cups-debuginfo |
amazon | linux | cups-devel | p-cpe:/a:amazon:linux:cups-devel |
amazon | linux | cups-filesystem | p-cpe:/a:amazon:linux:cups-filesystem |
amazon | linux | cups-ipptool | p-cpe:/a:amazon:linux:cups-ipptool |
amazon | linux | cups-libs | p-cpe:/a:amazon:linux:cups-libs |
amazon | linux | cups-lpd | p-cpe:/a:amazon:linux:cups-lpd |
amazon | linux | 2 | cpe:/o:amazon:linux:2 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8696
access.redhat.com/security/cve/CVE-2017-18190
access.redhat.com/security/cve/CVE-2019-8675
access.redhat.com/security/cve/CVE-2019-8696
alas.aws.amazon.com/AL2/ALAS-2020-1506.html