Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2012-19606.NASL
HistoryFeb 26, 2013 - 12:00 a.m.

Fedora 17 : cups-1.5.4-18.fc17 (2012-19606)

2013-02-2600:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.032 Low

EPSS

Percentile

91.3%

JSON

This update addresses two security issues :

  • CVE-2012-5519 (privilege escalation for users for the CUPS SystemGroup group or via polkit) is fixed by moving certain configuration keywords into a separate file, cups-files.conf, which cannot be modified by cupsd.

  • CVE-2012-6094 (configuration issue with IPv4 vs IPv6) has been fixed by dropping support for systemd socket activation via IP sockets.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2012-19606.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64882);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2012-5519", "CVE-2012-6094");
  script_bugtraq_id(56494, 57158);
  script_xref(name:"FEDORA", value:"2012-19606");

  script_name(english:"Fedora 17 : cups-1.5.4-18.fc17 (2012-19606)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update addresses two security issues :

  - CVE-2012-5519 (privilege escalation for users for the
    CUPS SystemGroup group or via polkit) is fixed by moving
    certain configuration keywords into a separate file,
    cups-files.conf, which cannot be modified by cupsd.

  - CVE-2012-6094 (configuration issue with IPv4 vs IPv6)
    has been fixed by dropping support for systemd socket
    activation via IP sockets.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=875898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=891942"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099272.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0eb637bd"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected cups package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"cups-1.5.4-18.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
}
VendorProductVersionCPE
fedoraprojectfedoracupsp-cpe:/a:fedoraproject:fedora:cups
fedoraprojectfedora17cpe:/o:fedoraproject:fedora:17

Related

openvas 25
fedora 2
nessus 19
ubuntucve 2
prion 2
cvelist 2
debian 1
debiancve 2
nvd 2
cve 2
redhat 1
oraclelinux 1
amazon 1
securityvulns 4
centos 1
gentoo 1
osv 1
veracode 1
ubuntu 1
suse 4
openvas
openvas
Fedora Update for cups FEDORA-2012-19606
2013-03-01 00:00:00
Fedora Update for cups FEDORA-2012-19606
2013-03-01 00:00:00
Ubuntu Update for cups USN-1654-1
2012-12-06 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: cups-1.5.4-18.fc17
2013-02-26 02:42:00
[SECURITY] Fedora 18 Update: cups-1.5.4-20.fc18
2013-01-12 01:01:29
nessus
nessus
Mandriva Linux Security Advisory : cups (MDVSA-2013:034)
2013-04-20 00:00:00
SuSE 11.2 / 11.3 Security Update : CUPS (SAT Patch Numbers 8436 / 8437)
2013-11-12 00:00:00
Mandriva Linux Security Advisory : cups (MDVSA-2012:179)
2012-12-13 00:00:00
ubuntucve
ubuntucve
CVE-2012-6094
2019-12-20 00:00:00
CVE-2012-5519
2012-11-19 00:00:00
prion
prion
Design/Logic Flaw
2019-12-20 15:15:00
Design/Logic Flaw
2012-11-20 00:55:00
cvelist
cvelist
CVE-2012-6094
2019-12-20 14:07:15
CVE-2012-5519
2012-11-20 00:00:00
debian
debian
[SECURITY] [DSA 2600-1] cups security update
2013-01-06 17:33:19
debiancve
debiancve
CVE-2012-5519
2012-11-20 00:55:01
CVE-2012-6094
2019-12-20 15:15:11
nvd
nvd
CVE-2012-6094
2019-12-20 15:15:11
CVE-2012-5519
2012-11-20 00:55:01
cve
cve
CVE-2012-6094
2019-12-20 15:15:11
CVE-2012-5519
2012-11-20 00:55:01
redhat
redhat
(RHSA-2013:0580) Moderate: cups security update
2013-02-28 00:00:00
oraclelinux
oraclelinux
cups security update
2013-02-28 00:00:00
amazon
amazon
Medium: cups
2013-03-14 22:04:00
securityvulns
securityvulns
[USN-1654-1] CUPS vulnerability
2012-12-07 00:00:00
CUPS privilege escalation
2012-12-07 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
centos
centos
cups security update
2013-03-01 10:00:14
gentoo
gentoo
CUPS: Arbitrary file read/write
2014-04-07 00:00:00
osv
osv
cups - privilege escalation
2013-01-06 00:00:00
veracode
veracode
Arbitrary File Write
2019-01-15 08:58:43
ubuntu
ubuntu
CUPS vulnerability
2012-12-05 00:00:00
suse
suse
Security update for cups (critical)
2015-06-11 17:05:04
Security update for cups (critical)
2015-06-12 21:05:05
Security update for cups154 (critical)
2015-06-11 19:04:58

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.032 Low

EPSS

Percentile

91.3%

JSON
Related for FEDORA_2012-19606.NASL
openvas25fedora2nessus19ubuntucve2prion2cvelist2debian1debiancve2nvd2cve2redhat1oraclelinux1amazon1securityvulns4centos1gentoo1osv1veracode1ubuntu1suse4