ID CENTOS_RHSA-2015-1123.NASL Type nessus Reporter Tenable Modified 2016-05-04T00:00:00
Description
Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems.
A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)
A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. (CVE-2015-1159)
An integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash.
(CVE-2014-9679)
Red Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and CVE-2015-1159 issues.
All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:1123 and
# CentOS Errata and Security Advisory 2015:1123 respectively.
#
include("compat.inc");
if (description)
{
script_id(84276);
script_version("$Revision: 2.6 $");
script_cvs_date("$Date: 2016/05/04 14:39:53 $");
script_cve_id("CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159");
script_bugtraq_id(72594, 75098, 75106);
script_osvdb_id(118237, 123116, 123117);
script_xref(name:"RHSA", value:"2015:1123");
script_name(english:"CentOS 6 / 7 : cups (CESA-2015:1123)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated cups packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
CUPS provides a portable printing layer for Linux, UNIX, and similar
operating systems.
A string reference count bug was found in cupsd, causing premature
freeing of string objects. An attacker can submit a malicious print
job that exploits this flaw to dismantle ACLs protecting privileged
operations, allowing a replacement configuration file to be uploaded
which in turn allows the attacker to run arbitrary code in the CUPS
server (CVE-2015-1158)
A cross-site scripting flaw was found in the cups web templating
engine. An attacker could use this flaw to bypass the default
configuration settings that bind the CUPS scheduler to the 'localhost'
or loopback interface. (CVE-2015-1159)
An integer overflow leading to a heap-based buffer overflow was found
in the way cups handled compressed raster image files. An attacker
could create a specially crafted image file, which when passed via the
cups Raster filter, could cause the cups filter to crash.
(CVE-2014-9679)
Red Hat would like to thank the CERT/CC for reporting CVE-2015-1158
and CVE-2015-1159 issues.
All cups users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing
this update, the cupsd daemon will be restarted automatically."
);
# http://lists.centos.org/pipermail/centos-announce/2015-June/021178.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?3ed2b6f9"
);
# http://lists.centos.org/pipermail/centos-announce/2015-June/021179.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?96f7741b"
);
script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-filesystem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-ipptool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-lpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-php");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"patch_publication_date", value:"2015/06/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-6", reference:"cups-1.4.2-67.el6_6.1")) flag++;
if (rpm_check(release:"CentOS-6", reference:"cups-devel-1.4.2-67.el6_6.1")) flag++;
if (rpm_check(release:"CentOS-6", reference:"cups-libs-1.4.2-67.el6_6.1")) flag++;
if (rpm_check(release:"CentOS-6", reference:"cups-lpd-1.4.2-67.el6_6.1")) flag++;
if (rpm_check(release:"CentOS-6", reference:"cups-php-1.4.2-67.el6_6.1")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-1.6.3-17.el7_1.1")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-client-1.6.3-17.el7_1.1")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-devel-1.6.3-17.el7_1.1")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-filesystem-1.6.3-17.el7_1.1")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-ipptool-1.6.3-17.el7_1.1")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-libs-1.6.3-17.el7_1.1")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"cups-lpd-1.6.3-17.el7_1.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "CENTOS_RHSA-2015-1123.NASL", "bulletinFamily": "scanner", "title": "CentOS 6 / 7 : cups (CESA-2015:1123)", "description": "Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar operating systems.\n\nA string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. (CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash.\n(CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and CVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.", "published": "2015-06-19T00:00:00", "modified": "2016-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84276", "reporter": "Tenable", "references": ["http://www.nessus.org/u?96f7741b", "http://www.nessus.org/u?3ed2b6f9"], "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "type": "nessus", "lastseen": "2017-10-29T13:41:16", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar operating systems.\n\nA string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. (CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash.\n(CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and CVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.", "edition": 1, "enchantments": {}, "hash": "7c287efedcb1befac61fb319ecd09218273f419783b1eb80af9804286985f47d", "hashmap": [{"hash": "9fe7fac5643c2de42bab95a37df308be", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "42a303b6c8ee4f399e2b408d8aa372af", "key": "description"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "883afaca71e4c27b13b077c8f0d80806", "key": "href"}, {"hash": "52b779c6cb4db7f4867db45da7a5d907", "key": "pluginID"}, {"hash": "212e625ef8cc5028a93a91290153dca0", "key": "references"}, {"hash": "13f4c3ea99a9d71a729f1d00e5b614d9", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "20a3b22f38036d445be91ac3db867352", "key": "cvelist"}, {"hash": "164a4115e940e28685331ff6cf8244a3", "key": "title"}, {"hash": "1c6c46af46e03c23b443748a84d485a0", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=84276", "id": "CENTOS_RHSA-2015-1123.NASL", "lastseen": "2016-09-26T17:25:29", "modified": "2016-05-04T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "84276", "published": "2015-06-19T00:00:00", "references": ["http://www.nessus.org/u?96f7741b", "http://www.nessus.org/u?3ed2b6f9"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1123 and \n# CentOS Errata and Security Advisory 2015:1123 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84276);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/05/04 14:39:53 $\");\n\n script_cve_id(\"CVE-2014-9679\", \"CVE-2015-1158\", \"CVE-2015-1159\");\n script_bugtraq_id(72594, 75098, 75106);\n script_osvdb_id(118237, 123116, 123117);\n script_xref(name:\"RHSA\", value:\"2015:1123\");\n\n script_name(english:\"CentOS 6 / 7 : cups (CESA-2015:1123)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems.\n\nA string reference count bug was found in cupsd, causing premature\nfreeing of string objects. An attacker can submit a malicious print\njob that exploits this flaw to dismantle ACLs protecting privileged\noperations, allowing a replacement configuration file to be uploaded\nwhich in turn allows the attacker to run arbitrary code in the CUPS\nserver (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating\nengine. An attacker could use this flaw to bypass the default\nconfiguration settings that bind the CUPS scheduler to the 'localhost'\nor loopback interface. (CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found\nin the way cups handled compressed raster image files. An attacker\ncould create a specially crafted image file, which when passed via the\ncups Raster filter, could cause the cups filter to crash.\n(CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158\nand CVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthis update, the cupsd daemon will be restarted automatically.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-June/021178.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ed2b6f9\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-June/021179.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96f7741b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-ipptool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-devel-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-libs-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-lpd-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-php-1.4.2-67.el6_6.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-client-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-devel-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-filesystem-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-ipptool-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-libs-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-lpd-1.6.3-17.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 6 / 7 : cups (CESA-2015:1123)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:29"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c5bff0491c78f8e2241f90164d8cbe6f"}, {"key": "cvelist", "hash": "20a3b22f38036d445be91ac3db867352"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "42a303b6c8ee4f399e2b408d8aa372af"}, {"key": "href", "hash": "883afaca71e4c27b13b077c8f0d80806"}, {"key": "modified", "hash": "13f4c3ea99a9d71a729f1d00e5b614d9"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "52b779c6cb4db7f4867db45da7a5d907"}, {"key": "published", "hash": "9fe7fac5643c2de42bab95a37df308be"}, {"key": "references", "hash": "212e625ef8cc5028a93a91290153dca0"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "1c6c46af46e03c23b443748a84d485a0"}, {"key": "title", "hash": "164a4115e940e28685331ff6cf8244a3"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c51e9aa8bc2355be7400291b1665d2b80aeb0fb77a417999641030cab737eb76", "viewCount": 4, "enchantments": {"vulnersScore": 2.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1123 and \n# CentOS Errata and Security Advisory 2015:1123 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84276);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/05/04 14:39:53 $\");\n\n script_cve_id(\"CVE-2014-9679\", \"CVE-2015-1158\", \"CVE-2015-1159\");\n script_bugtraq_id(72594, 75098, 75106);\n script_osvdb_id(118237, 123116, 123117);\n script_xref(name:\"RHSA\", value:\"2015:1123\");\n\n script_name(english:\"CentOS 6 / 7 : cups (CESA-2015:1123)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cups packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems.\n\nA string reference count bug was found in cupsd, causing premature\nfreeing of string objects. An attacker can submit a malicious print\njob that exploits this flaw to dismantle ACLs protecting privileged\noperations, allowing a replacement configuration file to be uploaded\nwhich in turn allows the attacker to run arbitrary code in the CUPS\nserver (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating\nengine. An attacker could use this flaw to bypass the default\nconfiguration settings that bind the CUPS scheduler to the 'localhost'\nor loopback interface. (CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found\nin the way cups handled compressed raster image files. An attacker\ncould create a specially crafted image file, which when passed via the\ncups Raster filter, could cause the cups filter to crash.\n(CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158\nand CVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthis update, the cupsd daemon will be restarted automatically.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-June/021178.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ed2b6f9\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-June/021179.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96f7741b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-ipptool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-devel-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-libs-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-lpd-1.4.2-67.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-php-1.4.2-67.el6_6.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-client-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-devel-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-filesystem-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-ipptool-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-libs-1.6.3-17.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cups-lpd-1.6.3-17.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "84276", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:cups-libs", "p-cpe:/a:centos:centos:cups-php", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:cups", "p-cpe:/a:centos:centos:cups-ipptool", "p-cpe:/a:centos:centos:cups-client", "p-cpe:/a:centos:centos:cups-lpd", "p-cpe:/a:centos:centos:cups-filesystem", "p-cpe:/a:centos:centos:cups-devel"]}
{"result": {"cve": [{"id": "CVE-2014-9679", "type": "cve", "title": "CVE-2014-9679", "description": "Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.", "published": "2015-02-19T10:59:11", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9679", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-04-18T15:55:37"}, {"id": "CVE-2015-1158", "type": "cve", "title": "CVE-2015-1158", "description": "The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.", "published": "2015-06-26T06:59:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1158", "cvelist": ["CVE-2015-1158"], "lastseen": "2017-09-23T10:41:35"}, {"id": "CVE-2015-1159", "type": "cve", "title": "CVE-2015-1159", "description": "Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.", "published": "2015-06-26T06:59:02", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1159", "cvelist": ["CVE-2015-1159"], "lastseen": "2017-09-23T10:41:35"}], "f5": [{"id": "F5:K52950150", "type": "f5", "title": "CUPS vulnerability CVE-2014-9679", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2016-10-19T00:05:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K52950150", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-06-08T00:16:10"}, {"id": "SOL52950150", "type": "f5", "title": "SOL52950150 - CUPS vulnerability CVE-2014-9679", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2016-10-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/52/sol52950150.html", "cvelist": ["CVE-2014-9679"], "lastseen": "2016-10-18T21:25:01"}, {"id": "SOL16794", "type": "f5", "title": "SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159", "description": " * [CVE-2015-1158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158>)\n\nA string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allows the attacker to run arbitrary code on the CUPS server.\n\n * [CVE-2015-1159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1159>)\n\nA cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web.\n", "published": "2015-06-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/700/sol16794.html", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2016-03-19T09:01:42"}], "openvas": [{"id": "OPENVAS:1361412562310869028", "type": "openvas", "title": "Fedora Update for cups FEDORA-2015-2127", "description": "Check the version of cups", "published": "2015-02-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869028", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-07-25T10:52:30"}, {"id": "OPENVAS:1361412562310842103", "type": "openvas", "title": "Ubuntu Update for cups USN-2520-1", "description": "Check the version of cups", "published": "2015-02-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842103", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-12-04T11:23:12"}, {"id": "OPENVAS:703172", "type": "openvas", "title": "Debian Security Advisory DSA 3172-1 (cups - security update)", "description": "Peter De Wachter discovered that CUPS,\nthe Common UNIX Printing System, did not correctly parse compressed raster files.\nBy submitting a specially crafted raster file, a remote attacker could use this\nvulnerability to trigger a buffer overflow.", "published": "2015-02-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703172", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-07-24T12:52:49"}, {"id": "OPENVAS:1361412562310703172", "type": "openvas", "title": "Debian Security Advisory DSA 3172-1 (cups - security update)", "description": "Peter De Wachter discovered that CUPS,\nthe Common UNIX Printing System, did not correctly parse compressed raster files.\nBy submitting a specially crafted raster file, a remote attacker could use this\nvulnerability to trigger a buffer overflow.", "published": "2015-02-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703172", "cvelist": ["CVE-2014-9679"], "lastseen": "2018-04-06T11:25:55"}, {"id": "OPENVAS:1361412562310871377", "type": "openvas", "title": "RedHat Update for cups RHSA-2015:1123-01", "description": "Check the version of cups", "published": "2015-06-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871377", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-07-27T10:52:37"}, {"id": "OPENVAS:1361412562310123098", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1123", "description": "Oracle Linux Local Security Checks ELSA-2015-1123", "published": "2015-10-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123098", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-07-24T12:53:30"}, {"id": "OPENVAS:1361412562310882201", "type": "openvas", "title": "CentOS Update for cups CESA-2015:1123 centos7 ", "description": "Check the version of cups", "published": "2015-06-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882201", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-07-25T10:53:34"}, {"id": "OPENVAS:1361412562310882202", "type": "openvas", "title": "CentOS Update for cups CESA-2015:1123 centos6 ", "description": "Check the version of cups", "published": "2015-06-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882202", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-07-25T10:53:40"}, {"id": "OPENVAS:1361412562310869456", "type": "openvas", "title": "Fedora Update for cups FEDORA-2015-9801", "description": "Check the version of cups", "published": "2015-06-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869456", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-07-25T10:53:26"}, {"id": "OPENVAS:1361412562310120032", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2015-559", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120032", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-07-24T12:53:21"}], "nessus": [{"id": "MANDRIVA_MDVSA-2015-049.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : cups (MDVSA-2015:049)", "description": "Updated cups packages fix security vulnerability :\n\nA malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679).", "published": "2015-03-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81932", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:34:33"}, {"id": "OPENSUSE-2015-182.NASL", "type": "nessus", "title": "openSUSE Security Update : cups (openSUSE-2015-182)", "description": "cups was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9679: A malformed compressed raster file can trigger a buffer overflow in cupsRasterReadPixels (bnc#917799).", "published": "2015-02-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81562", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:40:15"}, {"id": "GENTOO_GLSA-201607-06.NASL", "type": "nessus", "title": "GLSA-201607-06 : CUPS: Buffer overflow", "description": "The remote host is affected by the vulnerability described in GLSA-201607-06 (CUPS: Buffer overflow)\n\n A vulnerability has been discovered in CUPS concerning the handling of compressed raster files.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process.\n Workaround :\n\n There is no known workaround at this time.", "published": "2016-07-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=92350", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:33:50"}, {"id": "SUSE_11_CUPS-150302.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : cups (SAT Patch Number 10394)", "description": "cups has been updated to fix one security issue :\n\n - A malformed compressed raster file can trigger a buffer overflow in cupsRasterReadPixels. (bnc#917799).\n (CVE-2014-9679)", "published": "2015-03-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82019", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:42:09"}, {"id": "FEDORA_2015-2152.NASL", "type": "nessus", "title": "Fedora 20 : cups-1.7.5-12.fc20 (2015-2152)", "description": "This update fixes CVE-2014-9679, a buffer overflow when handling CUPS Raster format.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-02-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81428", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:34:20"}, {"id": "DEBIAN_DLA-159.NASL", "type": "nessus", "title": "Debian DLA-159-1 : cups security update", "description": "Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze7.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 1.5.3-5+deb7u5.\n\nWe recommend that you upgrade your cups packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-03-26T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82142", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:42:02"}, {"id": "UBUNTU_USN-2520-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cups vulnerability (USN-2520-1)", "description": "Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-02-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81573", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:35:33"}, {"id": "DEBIAN_DSA-3172.NASL", "type": "nessus", "title": "Debian DSA-3172-1 : cups - security update", "description": "Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow.", "published": "2015-02-26T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81526", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:39:20"}, {"id": "FEDORA_2015-2127.NASL", "type": "nessus", "title": "Fedora 21 : cups-1.7.5-15.fc21 (2015-2127)", "description": "This update fixes CVE-2014-9679, a buffer overflow when handling CUPS Raster format.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-02-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81427", "cvelist": ["CVE-2014-9679"], "lastseen": "2017-10-29T13:34:13"}, {"id": "SL_20150617_CUPS_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : cups on SL6.x, SL7.x i386/x86_64", "description": "A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. (CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash.\n(CVE-2014-9679)\n\nAfter installing this update, the cupsd daemon will be restarted automatically.", "published": "2015-06-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84259", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-10-29T13:42:31"}], "debian": [{"id": "DLA-159", "type": "debian", "title": "cups -- LTS security update", "description": "Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze7.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 1.5.3-5+deb7u5.\n\nWe recommend that you upgrade your cups packages.", "published": "2015-02-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-159", "cvelist": ["CVE-2014-9679"], "lastseen": "2016-09-02T12:57:06"}, {"id": "DSA-3172", "type": "debian", "title": "cups -- security update", "description": "Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 1.5.3-5+deb7u5.\n\nFor the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1.7.5-11.\n\nWe recommend that you upgrade your cups packages.", "published": "2015-02-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3172", "cvelist": ["CVE-2014-9679"], "lastseen": "2016-09-02T18:22:12"}, {"id": "DSA-3283", "type": "debian", "title": "cups -- security update", "description": "It was discovered that CUPS, the Common UNIX Printing System, is vulnerable to a remotely triggerable privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on the CUPS server.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 1.5.3-5+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed in version 1.7.5-11+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.7.5-12.\n\nWe recommend that you upgrade your cups packages.", "published": "2015-06-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3283", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2016-09-02T18:34:03"}, {"id": "DLA-239", "type": "debian", "title": "cups -- LTS security update", "description": "Two critical vulnerabilities have been found in the CUPS printing system:\n\n * [CVE-2015-1158](<https://security-tracker.debian.org/tracker/CVE-2015-1158>)\n\n\\- Improper Update of Reference Count Cupsd uses reference-counted strings with global scope. When parsing a print job request, cupsd over-decrements the reference count for a string from the request. As a result, an attacker can prematurely free an arbitrary string of global scope. They can use this to dismantle ACL\u2019s protecting privileged operations, and upload a replacement configuration file, and subsequently run arbitrary code on a target machine.\n\nThis bug is exploitable in default configurations, and does not require any special permissions other than the basic ability to print.\n\n * [CVE-2015-1159](<https://security-tracker.debian.org/tracker/CVE-2015-1159>)\n\n\\- Cross-Site Scripting A cross-site scripting bug in the CUPS templating engine allows the above bug to be exploited when a user browses the web. This XSS is reachable in the default configuration for Linux instances of CUPS, and allows an attacker to bypass default configuration settings that bind the CUPS scheduler to the \u2018localhost\u2019 or loopback interface.", "published": "2015-06-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/2015/dla-239", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-10-05T12:58:46"}], "gentoo": [{"id": "GLSA-201607-06", "type": "gentoo", "title": "CUPS: Buffer overflow", "description": "### Background\n\nCUPS, the Common Unix Printing System, is a full-featured print server.\n\n### Description\n\nA vulnerability has been discovered in CUPS concerning the handling of compressed raster files. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll CUPS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-2.0.2-r1\"", "published": "2016-07-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201607-06", "cvelist": ["CVE-2014-9679"], "lastseen": "2016-09-06T19:46:40"}, {"id": "GLSA-201510-07", "type": "gentoo", "title": "CUPS: Multiple vulnerabilities", "description": "### Background\n\nCUPS, the Common Unix Printing System, is a full-featured print server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in cups. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll CUPS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-2.0.3\"", "published": "2015-10-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201510-07", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2016-09-06T19:46:51"}], "ubuntu": [{"id": "USN-2520-1", "type": "ubuntu", "title": "CUPS vulnerability", "description": "Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.", "published": "2015-02-26T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2520-1/", "cvelist": ["CVE-2014-9679"], "lastseen": "2018-03-29T18:20:29"}, {"id": "USN-2629-1", "type": "ubuntu", "title": "CUPS vulnerabilities", "description": "It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. (CVE-2015-1158)\n\nIt was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings. (CVE-2015-1159)", "published": "2015-06-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2629-1/", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2018-03-29T18:18:15"}], "oraclelinux": [{"id": "ELSA-2015-1123", "type": "oraclelinux", "title": "cups security update", "description": "[1:1.4.2-67.1]\n- CVE-2015-1158, CVE-2015-1159, CVE-2014-9679 (bug #1229982).", "published": "2015-06-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1123.html", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2016-09-04T11:16:53"}], "redhat": [{"id": "RHSA-2015:1123", "type": "redhat", "title": "(RHSA-2015:1123) Important: cups security update", "description": "CUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems.\n\nA string reference count bug was found in cupsd, causing premature freeing\nof string objects. An attacker can submit a malicious print job that\nexploits this flaw to dismantle ACLs protecting privileged operations,\nallowing a replacement configuration file to be uploaded which in turn\nallows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An \nattacker could use this flaw to bypass the default configuration settings \nthat bind the CUPS scheduler to the 'localhost' or loopback interface.\n(CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found in\nthe way cups handled compressed raster image files. An attacker could\ncreate a specially-crafted image file, which when passed via the cups\nRaster filter, could cause the cups filter to crash. (CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and \nCVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n", "published": "2015-06-17T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1123", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2018-04-15T14:24:52"}], "amazon": [{"id": "ALAS-2015-559", "type": "amazon", "title": "Medium: cups", "description": "**Issue Overview:**\n\nA string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server ([CVE-2015-1158 __](<https://access.redhat.com/security/cve/CVE-2015-1158>))\n\nA cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. ([CVE-2015-1159 __](<https://access.redhat.com/security/cve/CVE-2015-1159>))\n\nAn integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially-crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash. ([CVE-2014-9679 __](<https://access.redhat.com/security/cve/CVE-2014-9679>))\n\n \n**Affected Packages:** \n\n\ncups\n\n \n**Issue Correction:** \nRun _yum update cups_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n cups-debuginfo-1.4.2-67.21.amzn1.i686 \n cups-libs-1.4.2-67.21.amzn1.i686 \n cups-php-1.4.2-67.21.amzn1.i686 \n cups-devel-1.4.2-67.21.amzn1.i686 \n cups-1.4.2-67.21.amzn1.i686 \n cups-lpd-1.4.2-67.21.amzn1.i686 \n \n src: \n cups-1.4.2-67.21.amzn1.src \n \n x86_64: \n cups-debuginfo-1.4.2-67.21.amzn1.x86_64 \n cups-php-1.4.2-67.21.amzn1.x86_64 \n cups-libs-1.4.2-67.21.amzn1.x86_64 \n cups-devel-1.4.2-67.21.amzn1.x86_64 \n cups-1.4.2-67.21.amzn1.x86_64 \n cups-lpd-1.4.2-67.21.amzn1.x86_64 \n \n \n", "published": "2015-07-07T12:34:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-559.html", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2016-09-28T21:04:09"}], "centos": [{"id": "CESA-2015:1123", "type": "centos", "title": "cups security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:1123\n\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems.\n\nA string reference count bug was found in cupsd, causing premature freeing\nof string objects. An attacker can submit a malicious print job that\nexploits this flaw to dismantle ACLs protecting privileged operations,\nallowing a replacement configuration file to be uploaded which in turn\nallows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An \nattacker could use this flaw to bypass the default configuration settings \nthat bind the CUPS scheduler to the 'localhost' or loopback interface.\n(CVE-2015-1159)\n\nAn integer overflow leading to a heap-based buffer overflow was found in\nthe way cups handled compressed raster image files. An attacker could\ncreate a specially-crafted image file, which when passed via the cups\nRaster filter, could cause the cups filter to crash. (CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and \nCVE-2015-1159 issues.\n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021178.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021179.html\n\n**Affected packages:**\ncups\ncups-client\ncups-devel\ncups-filesystem\ncups-ipptool\ncups-libs\ncups-lpd\ncups-php\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1123.html", "published": "2015-06-18T11:29:43", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021178.html", "cvelist": ["CVE-2014-9679", "CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2017-10-03T18:25:02"}], "exploitdb": [{"id": "EDB-ID:41233", "type": "exploitdb", "title": "CUPS < 2.0.3 - Remote Command Execution", "description": "CUPS < 2.0.3 - Remote Command Execution. CVE-2015-1158. Remote exploit for Linux platform", "published": "2017-02-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/41233/", "cvelist": ["CVE-2015-1158"], "lastseen": "2017-02-03T08:59:45"}, {"id": "EDB-ID:37336", "type": "exploitdb", "title": "CUPS < 2.0.3 - Multiple Vulnerabilities", "description": "CUPS < 2.0.3 - Multiple Vulnerabilities. CVE-2015-1158. Remote exploits for multiple platform", "published": "2015-06-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/37336/", "cvelist": ["CVE-2015-1158"], "lastseen": "2016-02-04T05:36:17"}], "packetstorm": [{"id": "PACKETSTORM:140920", "type": "packetstorm", "title": "CUPS Remote Code Execution", "description": "", "published": "2017-02-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/140920/CUPS-Remote-Code-Execution.html", "cvelist": ["CVE-2015-1158"], "lastseen": "2017-02-03T17:04:32"}, {"id": "PACKETSTORM:132389", "type": "packetstorm", "title": "CUPS XSS / String Handling / Improper Teardown", "description": "", "published": "2015-06-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/132389/CUPS-XSS-String-Handling-Improper-Teardown.html", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2016-12-05T22:23:53"}], "zdt": [{"id": "1337DAY-ID-23782", "type": "zdt", "title": "CUPS 2.0.3 - Multiple Vulnerabilities", "description": "Exploit for multiple platform in category remote exploits", "published": "2015-06-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/23782", "cvelist": ["CVE-2015-1158"], "lastseen": "2017-12-31T21:02:32"}, {"id": "1337DAY-ID-26891", "type": "zdt", "title": "CUPS 2.0.3 - Remote Command Execution Exploit", "description": "Exploit for linux platform in category remote exploits", "published": "2017-02-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/26891", "cvelist": ["CVE-2015-1158"], "lastseen": "2018-01-08T23:03:57"}], "slackware": [{"id": "SSA-2015-188-01", "type": "slackware", "title": "cups", "description": "New cups packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/cups-1.5.4-i486-4_slack14.1.txz: Rebuilt.\n This release fixes a security issue:\n CWE-911: Improper Update of Reference Count - CVE-2015-1158\n This bug could allow an attacker to upload a replacement CUPS\n configuration file and mount further attacks.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1158\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/cups-1.3.11-i486-3_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/cups-1.3.11-x86_64-3_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/cups-1.4.5-i486-3_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/cups-1.4.5-x86_64-3_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/cups-1.4.6-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/cups-1.4.6-x86_64-2_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/cups-1.5.4-i486-3_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/cups-1.5.4-x86_64-3_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/cups-1.5.4-i486-4_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/cups-1.5.4-x86_64-4_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/cups-2.0.3-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/cups-2.0.3-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\nf013abe1761fb1a3a962ee6bb63bb12c cups-1.3.11-i486-3_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n88c5e1cf46eab8fd0d101e8411f10251 cups-1.3.11-x86_64-3_slack13.0.txz\n\nSlackware 13.1 package:\nf71f2b3066f4af9c407df75b1535f179 cups-1.4.5-i486-3_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2bf27108c7c2772e8adbd984efb0c55e cups-1.4.5-x86_64-3_slack13.1.txz\n\nSlackware 13.37 package:\n0db4e57246873b1817f7332f90dd245f cups-1.4.6-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n8d3ce5ec82218ebb001c0b46d891895a cups-1.4.6-x86_64-2_slack13.37.txz\n\nSlackware 14.0 package:\nc9130b507a69775f68eb1ca71c2c746c cups-1.5.4-i486-3_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ne91436f9885350bc63a2d9484f974e66 cups-1.5.4-x86_64-3_slack14.0.txz\n\nSlackware 14.1 package:\ne7887e9c90b7501edca14157a85f7c3c cups-1.5.4-i486-4_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n712faf20c729a442d6229de6942aefc5 cups-1.5.4-x86_64-4_slack14.1.txz\n\nSlackware -current package:\nb92d4ad6d8da3487ca0445915ef6aa38 ap/cups-2.0.3-i486-1.txz\n\nSlackware x86_64 -current package:\nf740e4376110c797ef1926d5a94bea5a ap/cups-2.0.3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg cups-1.5.4-i486-4_slack14.1.txz\n\nThen, restart the cups server:\n > sh /etc/rc.d/rc.cups restart", "published": "2015-07-07T17:00:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.507395", "cvelist": ["CVE-2015-1158"], "lastseen": "2018-02-02T18:11:29"}], "cert": [{"id": "VU:810572", "type": "cert", "title": "CUPS print service is vulnerable to privilege escalation and cross-site scripting", "description": "### Overview\n\nCUPS implements the Internet Printing Protocol (IPP) for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error.\n\n### Description\n\n[**CWE-911**](<http://cwe.mitre.org/data/definitions/911.html>)**: Improper Update of Reference Count - **CVE-2015-1158 \n\nAn issue with how localized strings are handled in `cupsd` allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap. The dangling pointer causes ACL verification to fail when parsing `'admin/conf'` and` ``'admin'` ACLs. The ACL handling failure results in unrestricted access to privileged operations, allowing an unauthenticated remote user to upload a replacement CUPS configuration file and mount further attacks. \n \nThis vulnerability was introduced in CUPS 1.2.0, released in 2006. All major versions of CUPS from 1.2 to 2.0 are vulnerable. This vulnerability is exploitable by default and without any special permissions other than the ability to send a print job request. \n \n[**CWE-79**](<http://cwe.mitre.org/data/definitions/79.html>)**: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - **CVE-2015-1159 \n \nA cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web._ _In certain cases, the CGI template can echo user input to file rather than escaping the text first. This may be used to set up a reflected XSS attack in the QUERY parameter of the web interface help page. By default, many linux distributions run with the web interface activated; OS X has the web interface deactivated by default. \n \nThe CVSS score below is based on CVE-2015-1158. \n \n--- \n \n### Impact\n\nCVE-2015-1158 may allow a remote unauthenticated attacker access to privileged operations on the CUPS server. CVE-2015-1159 may allow an attacker to execute arbitrary javascript in a user's browser. \n \n--- \n \n### Solution\n\n**Apply an update** \n \nA [patch](<http://www.cups.org/blog.php?L1082+I0+Q>) addressing these issues has been released for all supported versions of CUPS. For the version 2.0 branch (the latest release), 2.0.3 contains the patch. Affected users are encouraged to update as soon as possible. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple| | 06 May 2015| 08 May 2015 \nFreeBSD Project| | 08 May 2015| 10 Jun 2015 \nopenSUSE project| | 08 May 2015| 10 Jun 2015 \nSUSE Linux| | 08 May 2015| 10 Jun 2015 \nCentOS| | 08 May 2015| 08 May 2015 \nDebian GNU/Linux| | 08 May 2015| 08 May 2015 \nDesktopBSD| | 08 May 2015| 08 May 2015 \nDragonFly BSD Project| | 08 May 2015| 08 May 2015 \nEMC Corporation| | 08 May 2015| 08 May 2015 \nF5 Networks, Inc.| | 08 May 2015| 08 May 2015 \nFedora Project| | 08 May 2015| 08 May 2015 \nGentoo Linux| | 08 May 2015| 08 May 2015 \nHewlett-Packard Company| | 08 May 2015| 08 May 2015 \nHitachi| | 08 May 2015| 08 May 2015 \nIBM Corporation| | 08 May 2015| 08 May 2015 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23810572 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C \nTemporal | 7.3 | E:POC/RL:OF/RC:C \nEnvironmental | 5.5 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND \n \n### References\n\n * <http://www.cups.org/blog.php?L1082+I0+Q>\n * <https://www.cups.org/str.php?L4609>\n\n### Credit\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n * CVE IDs: [CVE-2015-1158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1158>) [CVE-2015-1159](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1159>)\n * Date Public: 08 Jun 2015\n * Date First Published: 09 Jun 2015\n * Date Last Updated: 10 Jun 2015\n * Document Revision: 42\n\n", "published": "2015-06-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/810572", "cvelist": ["CVE-2015-1158", "CVE-2015-1158", "CVE-2015-1158", "CVE-2015-1158", "CVE-2015-1158", "CVE-2015-1159", "CVE-2015-1159", "CVE-2015-1159", "CVE-2015-1159"], "lastseen": "2016-02-03T09:12:53"}], "freebsd": [{"id": "A40EC970-0EFA-11E5-90E4-D050996490D0", "type": "freebsd", "title": "cups -- multiple vulnerabilities", "description": "\nCUPS development team reports:\n\nThe new release addresses two security vulnerabilities,\n\t add localizations for German and Russian, and includes\n\t several general bug fixes. Changes include:\nSecurity: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159\n\t exploiting the dynamic linker (STR #4609)\nSecurity: The scheduler could hang with malformed\n\t gzip data (STR #4602)\n\n", "published": "2015-06-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/a40ec970-0efa-11e5-90e4-d050996490d0.html", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2016-09-26T17:24:19"}], "archlinux": [{"id": "ASA-201506-2", "type": "archlinux", "title": "cups: multiple issues", "description": "- CVE-2015-1158 (arbitrary code execution, privilege escalation)\n\nAn issue with how localized strings are handled in cupsd allows a\nreference counter to over-decrement when handling certain print job\nrequest errors. As a result, an attacker can prematurely free an\narbitrary string of global scope, creating a dangling pointer to a\nrepurposed block of memory on the heap. The dangling pointer causes ACL\nverification to fail when parsing 'admin/conf' and 'admin' ACLs. The ACL\nhandling failure results in unrestricted access to privileged\noperations, allowing an unauthenticated remote user to upload a\nreplacement CUPS configuration file and mount further attacks.\n\n- CVE-2015-1159 (cross-side scripting)\n\nA cross-site scripting bug in the CUPS templating engine allows this bug\nto be exploited when a user browses the web. In certain cases, the CGI\ntemplate can echo user input to file rather than escaping the text\nfirst. This may be used to set up a reflected XSS attack in the QUERY\nparameter of the web interface help page. By default, many linux\ndistributions run with the web interface activated.", "published": "2015-06-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html", "cvelist": ["CVE-2015-1158", "CVE-2015-1159"], "lastseen": "2016-09-02T18:44:48"}], "suse": [{"id": "OPENSUSE-SU-2015:1056-1", "type": "suse", "title": "Security update for cups (critical)", "description": "This update fixes the following issues:\n\n - CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation\n via cross-site scripting and bad print job submission used to replace\n cupsd.conf on server (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158\n CVE-2015-1159 bugzilla.suse.com bsc#924208). In general it is crucial to\n limit access to CUPS to trustworthy users who do not misuse their\n permission to submit print jobs which means to upload arbitrary data\n onto the CUPS server, see\n <a rel=\"nofollow\" href=\"https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings\">https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings</a> and cf. the\n entries about CVE-2012-5519 below.\n\n", "published": "2015-06-12T21:05:05", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "lastseen": "2016-09-04T11:30:36"}, {"id": "SUSE-SU-2015:1044-2", "type": "suse", "title": "Security update for cups154 (critical)", "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "published": "2015-06-11T20:06:22", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00008.html", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "lastseen": "2016-09-04T12:47:49"}, {"id": "SUSE-SU-2015:1044-1", "type": "suse", "title": "Security update for cups154 (critical)", "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "published": "2015-06-11T19:04:58", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "lastseen": "2016-09-04T12:36:14"}, {"id": "SUSE-SU-2015:1041-1", "type": "suse", "title": "Security update for cups (critical)", "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "published": "2015-06-11T17:05:04", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "lastseen": "2016-09-04T11:26:30"}]}}
