ID REDHAT-RHSA-2013-0580.NASL Type nessus Reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2013-03-01T00:00:00
Description
Updated cups packages that fix one security issue are now available
for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
The Common UNIX Printing System (CUPS) provides a portable printing
layer for Linux, UNIX, and similar operating systems.
It was discovered that CUPS administrative users (members of the
SystemGroups groups) who are permitted to perform CUPS configuration
changes via the CUPS web interface could manipulate the CUPS
configuration to gain unintended privileges. Such users could read or
write arbitrary files with the privileges of the CUPS daemon, possibly
allowing them to run arbitrary code with root privileges.
(CVE-2012-5519)
After installing this update, the ability to change certain CUPS
configuration directives remotely will be disabled by default. The
newly introduced ConfigurationChangeRestriction directive can be used
to enable the changing of the restricted directives remotely. Refer to
Red Hat Bugzilla bug 875898 for more details and the list of
restricted directives.
All users of cups are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue. After
installing this update, the cupsd daemon will be restarted
automatically.
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0580. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
script_id(64944);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/24");
script_cve_id("CVE-2012-5519");
script_bugtraq_id(56494);
script_xref(name:"RHSA", value:"2013:0580");
script_name(english:"RHEL 5 / 6 : cups (RHSA-2013:0580)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated cups packages that fix one security issue are now available
for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
The Common UNIX Printing System (CUPS) provides a portable printing
layer for Linux, UNIX, and similar operating systems.
It was discovered that CUPS administrative users (members of the
SystemGroups groups) who are permitted to perform CUPS configuration
changes via the CUPS web interface could manipulate the CUPS
configuration to gain unintended privileges. Such users could read or
write arbitrary files with the privileges of the CUPS daemon, possibly
allowing them to run arbitrary code with root privileges.
(CVE-2012-5519)
After installing this update, the ability to change certain CUPS
configuration directives remotely will be disabled by default. The
newly introduced ConfigurationChangeRestriction directive can be used
to enable the changing of the restricted directives remotely. Refer to
Red Hat Bugzilla bug 875898 for more details and the list of
restricted directives.
All users of cups are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue. After
installing this update, the cupsd daemon will be restarted
automatically."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2013:0580"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2012-5519"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-lpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-php");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/19");
script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2013:0580";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cups-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cups-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cups-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL5", reference:"cups-debuginfo-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL5", reference:"cups-devel-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL5", reference:"cups-libs-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cups-lpd-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cups-lpd-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cups-lpd-1.3.7-30.el5_9.3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"cups-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"cups-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"cups-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", reference:"cups-debuginfo-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", reference:"cups-devel-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", reference:"cups-libs-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"cups-lpd-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"cups-lpd-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"cups-lpd-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"cups-php-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"cups-php-1.4.2-50.el6_4.4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"cups-php-1.4.2-50.el6_4.4")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd / etc");
}
}
{"id": "REDHAT-RHSA-2013-0580.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : cups (RHSA-2013:0580)", "description": "Updated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for Linux, UNIX, and similar operating systems.\n\nIt was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS\nconfiguration to gain unintended privileges. Such users could read or\nwrite arbitrary files with the privileges of the CUPS daemon, possibly\nallowing them to run arbitrary code with root privileges.\n(CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The\nnewly introduced ConfigurationChangeRestriction directive can be used\nto enable the changing of the restricted directives remotely. Refer to\nRed Hat Bugzilla bug 875898 for more details and the list of\nrestricted directives.\n\nAll users of cups are advised to upgrade to these updated packages,\nwhich contain a backported patch to resolve this issue. After\ninstalling this update, the cupsd daemon will be restarted\nautomatically.", "published": "2013-03-01T00:00:00", "modified": "2013-03-01T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/64944", "reporter": "This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/errata/RHSA-2013:0580", "https://access.redhat.com/security/cve/cve-2012-5519"], "cvelist": ["CVE-2012-5519"], "type": "nessus", "lastseen": "2020-09-25T09:14:38", "edition": 23, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-5519"]}, {"type": "amazon", "idList": ["ALAS-2013-170"]}, {"type": "gentoo", "idList": ["GLSA-201404-01"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0580"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28801", "SECURITYVULNS:DOC:29464", "SECURITYVULNS:VULN:12746", "SECURITYVULNS:VULN:13126"]}, {"type": "openvas", "idList": ["OPENVAS:881674", "OPENVAS:1361412562310120554", "OPENVAS:1361412562310870948", "OPENVAS:870948", "OPENVAS:1361412562310881674", "OPENVAS:1361412562310892600", "OPENVAS:1361412562310831756", "OPENVAS:831756", "OPENVAS:1361412562310121169", "OPENVAS:1361412562310881616"]}, {"type": "centos", "idList": ["CESA-2013:0580"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2600-1:28E3F"]}, {"type": "ubuntu", "idList": ["USN-1654-1"]}, {"type": "redhat", "idList": ["RHSA-2013:0580"]}, {"type": "fedora", "idList": ["FEDORA:21DDB22107", "FEDORA:8CC6B20C5D"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2013-0580.NASL", "ALA_ALAS-2013-170.NASL", "SUSE_11_CUPS-131016.NASL", "MANDRIVA_MDVSA-2012-179.NASL", "SL_20130228_CUPS_ON_SL5_X.NASL", "GENTOO_GLSA-201404-01.NASL", "FEDORA_2012-19301.NASL", "DEBIAN_DSA-2600.NASL", "CUPS_1_6_2.NASL", "ORACLELINUX_ELSA-2013-0580.NASL"]}, {"type": "metasploit", "idList": ["MSF:POST/MULTI/ESCALATE/CUPS_ROOT_FILE_READ"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1056-1", "SUSE-SU-2015:1044-2", "SUSE-SU-2015:1044-1", "SUSE-SU-2015:1041-1"]}], "modified": "2020-09-25T09:14:38", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2020-09-25T09:14:38", "rev": 2}, "vulnersScore": 6.6}, "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0580. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64944);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n script_xref(name:\"RHSA\", value:\"2013:0580\");\n\n script_name(english:\"RHEL 5 / 6 : cups (RHSA-2013:0580)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for Linux, UNIX, and similar operating systems.\n\nIt was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS\nconfiguration to gain unintended privileges. Such users could read or\nwrite arbitrary files with the privileges of the CUPS daemon, possibly\nallowing them to run arbitrary code with root privileges.\n(CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The\nnewly introduced ConfigurationChangeRestriction directive can be used\nto enable the changing of the restricted directives remotely. Refer to\nRed Hat Bugzilla bug 875898 for more details and the list of\nrestricted directives.\n\nAll users of cups are advised to upgrade to these updated packages,\nwhich contain a backported patch to resolve this issue. After\ninstalling this update, the cupsd daemon will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5519\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0580\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"cups-1.3.7-30.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"cups-1.3.7-30.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"cups-1.3.7-30.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"cups-debuginfo-1.3.7-30.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"cups-devel-1.3.7-30.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"cups-libs-1.3.7-30.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"cups-lpd-1.3.7-30.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"cups-lpd-1.3.7-30.el5_9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"cups-lpd-1.3.7-30.el5_9.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cups-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cups-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cups-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"cups-debuginfo-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"cups-devel-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"cups-libs-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cups-lpd-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cups-lpd-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cups-lpd-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cups-php-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cups-php-1.4.2-50.el6_4.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cups-php-1.4.2-50.el6_4.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "64944", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cups-debuginfo", "p-cpe:/a:redhat:enterprise_linux:cups-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:cups", "p-cpe:/a:redhat:enterprise_linux:cups-libs", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:cups-php", "p-cpe:/a:redhat:enterprise_linux:cups-lpd"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T12:06:11", "description": "CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.", "edition": 3, "cvss3": {}, "published": "2012-11-20T00:55:00", "title": "CVE-2012-5519", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5519"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/a:apple:cups:1.4.4"], "id": "CVE-2012-5519", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5519", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-26T11:10:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "Check for the Version of cups", "modified": "2018-01-25T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:881674", "href": "http://plugins.openvas.org/nasl.php?oid=881674", "type": "openvas", "title": "CentOS Update for cups CESA-2013:0580 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2013:0580 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for Linux, UNIX, and similar operating systems.\n\n It was discovered that CUPS administrative users (members of the\n SystemGroups groups) who are permitted to perform CUPS configuration\n changes via the CUPS web interface could manipulate the CUPS configuration\n to gain unintended privileges. Such users could read or write arbitrary\n files with the privileges of the CUPS daemon, possibly allowing them to\n run arbitrary code with root privileges. (CVE-2012-5519)\n \n After installing this update, the ability to change certain CUPS\n configuration directives remotely will be disabled by default. The newly\n introduced ConfigurationChangeRestriction directive can be used to enable\n the changing of the restricted directives remotely. Refer to Red Hat\n Bugzilla bug 875898 for more details and the list of restricted directives.\n \n All users of cups are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the cupsd daemon will be restarted automatically.\";\n\n\ntag_affected = \"cups on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019616.html\");\n script_id(881674);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:02:13 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-5519\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0580\");\n script_name(\"CentOS Update for cups CESA-2013:0580 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.2~50.el6_4.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.4.2~50.el6_4.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.4.2~50.el6_4.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.4.2~50.el6_4.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.4.2~50.el6_4.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-17T23:02:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120554", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120554", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-170)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120554\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:29 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-170)\");\n script_tag(name:\"insight\", value:\"It was discovered that CUPS administrative users (members of the SystemGroups groups) who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them to run arbitrary code with root privileges. (CVE-2012-5519 )After installing this update, the ability to change certain CUPS configuration directives remotely will be disabled by default. The newly introduced ConfigurationChangeRestriction directive can be used to enable the changing of the restricted directives remotely.\");\n script_tag(name:\"solution\", value:\"Run yum update cups to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-170.html\");\n script_cve_id(\"CVE-2012-5519\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.4.2~50.18.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.4.2~50.18.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.4.2~50.18.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.4.2~50.18.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.4.2~50.18.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.2~50.18.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-05T00:00:00", "id": "OPENVAS:1361412562310881616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881616", "type": "openvas", "title": "CentOS Update for cups CESA-2013:0580 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2013:0580 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019261.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881616\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:43:15 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2012-5519\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2013:0580\");\n script_name(\"CentOS Update for cups CESA-2013:0580 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"cups on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for Linux, UNIX, and similar operating systems.\n\n It was discovered that CUPS administrative users (members of the\n SystemGroups groups) who are permitted to perform CUPS configuration\n changes via the CUPS web interface could manipulate the CUPS configuration\n to gain unintended privileges. Such users could read or write arbitrary\n files with the privileges of the CUPS daemon, possibly allowing them to\n run arbitrary code with root privileges. (CVE-2012-5519)\n\n After installing this update, the ability to change certain CUPS\n configuration directives remotely will be disabled by default. The newly\n introduced ConfigurationChangeRestriction directive can be used to enable\n the changing of the restricted directives remotely. Refer to Red Hat\n Bugzilla bug 875898 for more details and the list of restricted directives.\n\n All users of cups are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the cupsd daemon will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~30.el5_9.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~30.el5_9.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~30.el5_9.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~30.el5_9.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:58:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "Check for the Version of cups", "modified": "2018-01-01T00:00:00", "published": "2012-12-14T00:00:00", "id": "OPENVAS:831756", "href": "http://plugins.openvas.org/nasl.php?oid=831756", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2012:179 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2012:179 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in cups:\n\n CUPS 1.4.4, when running in certain Linux distributions such as\n Debian GNU/Linux, stores the web interface administrator key in\n /var/run/cups/certs/0 using certain permissions, which allows local\n users in the lpadmin group to read or write arbitrary files as root\n by leveraging the web interface (CVE-2012-5519).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"cups on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:179\");\n script_id(831756);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-14 09:52:30 +0530 (Fri, 14 Dec 2012)\");\n script_cve_id(\"CVE-2012-5519\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:179\");\n script_name(\"Mandriva Update for cups MDVSA-2012:179 (cups)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "Oracle Linux Local Security Checks ELSA-2013-0580", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123686", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123686", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0580", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0580.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123686\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:13 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0580\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0580 - cups security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0580\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0580.html\");\n script_cve_id(\"CVE-2012-5519\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~30.el5_9.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~30.el5_9.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~30.el5_9.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~30.el5_9.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.2~50.el6_4.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.4.2~50.el6_4.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.4.2~50.el6_4.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.4.2~50.el6_4.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.4.2~50.el6_4.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "Jann Horn discovered that users of the CUPS printing system who are part\nof the lpadmin group could modify several configuration parameters with\nsecurity impact. Specifically, this allows an attacker to read or write\narbitrary files as root which can be used to elevate privileges.\n\nThis update splits the configuration file /etc/cups/cupsd.conf into two\nfiles: cupsd.conf and cups-files.conf. While the first stays configurable\nvia the web interface, the latter can only be configured by the root user.\nPlease see the updated documentation that comes with the new package\nfor more information on these files.", "modified": "2017-07-07T00:00:00", "published": "2013-01-06T00:00:00", "id": "OPENVAS:892600", "href": "http://plugins.openvas.org/nasl.php?oid=892600", "type": "openvas", "title": "Debian Security Advisory DSA 2600-1 (cups - privilege escalation)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2600.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2600-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"cups on Debian Linux\";\ntag_insight = \"The Common UNIX Printing System (or CUPS(tm)) is a printing system and\ngeneral replacement for lpd and the like. It supports the Internet\nPrinting Protocol (IPP), and has its own filtering driver model for\nhandling various document types.\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.4-7+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.5.3-2.7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.3-2.7.\n\nWe recommend that you upgrade your cups packages.\";\ntag_summary = \"Jann Horn discovered that users of the CUPS printing system who are part\nof the lpadmin group could modify several configuration parameters with\nsecurity impact. Specifically, this allows an attacker to read or write\narbitrary files as root which can be used to elevate privileges.\n\nThis update splits the configuration file /etc/cups/cupsd.conf into two\nfiles: cupsd.conf and cups-files.conf. While the first stays configurable\nvia the web interface, the latter can only be configured by the root user.\nPlease see the updated documentation that comes with the new package\nfor more information on these files.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892600);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-5519\");\n script_name(\"Debian Security Advisory DSA 2600-1 (cups - privilege escalation)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-06 00:00:00 +0100 (Sun, 06 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.2\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2600.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:09:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "Check for the Version of cups", "modified": "2018-01-19T00:00:00", "published": "2013-03-05T00:00:00", "id": "OPENVAS:881616", "href": "http://plugins.openvas.org/nasl.php?oid=881616", "type": "openvas", "title": "CentOS Update for cups CESA-2013:0580 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2013:0580 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for Linux, UNIX, and similar operating systems.\n\n It was discovered that CUPS administrative users (members of the\n SystemGroups groups) who are permitted to perform CUPS configuration\n changes via the CUPS web interface could manipulate the CUPS configuration\n to gain unintended privileges. Such users could read or write arbitrary\n files with the privileges of the CUPS daemon, possibly allowing them to\n run arbitrary code with root privileges. (CVE-2012-5519)\n\n After installing this update, the ability to change certain CUPS\n configuration directives remotely will be disabled by default. The newly\n introduced ConfigurationChangeRestriction directive can be used to enable\n the changing of the restricted directives remotely. Refer to Red Hat\n Bugzilla bug 875898 for more details and the list of restricted directives.\n\n All users of cups are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the cupsd daemon will be restarted automatically.\";\n\n\ntag_affected = \"cups on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019261.html\");\n script_id(881616);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:43:15 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2012-5519\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0580\");\n script_name(\"CentOS Update for cups CESA-2013:0580 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~30.el5_9.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~30.el5_9.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~30.el5_9.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~30.el5_9.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1654-1", "modified": "2017-12-01T00:00:00", "published": "2012-12-06T00:00:00", "id": "OPENVAS:841241", "href": "http://plugins.openvas.org/nasl.php?oid=841241", "type": "openvas", "title": "Ubuntu Update for cups USN-1654-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1654_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for cups USN-1654-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that users in the lpadmin group could modify certain CUPS\n configuration options to escalate privileges. An attacker could use this to\n potentially gain root privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1654-1\";\ntag_affected = \"cups on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1654-1/\");\n script_id(841241);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-06 10:26:11 +0530 (Thu, 06 Dec 2012)\");\n script_cve_id(\"CVE-2012-5519\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1654-1\");\n script_name(\"Ubuntu Update for cups USN-1654-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.5.3-0ubuntu5.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.5.0-8ubuntu7.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.4.3-1ubuntu1.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.16\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.6.1-0ubuntu11.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "Jann Horn discovered that users of the CUPS printing system who are part\nof the lpadmin group could modify several configuration parameters with\nsecurity impact. Specifically, this allows an attacker to read or write\narbitrary files as root which can be used to elevate privileges.\n\nThis update splits the configuration file /etc/cups/cupsd.conf into two\nfiles: cupsd.conf and cups-files.conf. While the first stays configurable\nvia the web interface, the latter can only be configured by the root user.\nPlease see the updated documentation that comes with the new package\nfor more information on these files.", "modified": "2019-03-18T00:00:00", "published": "2013-01-06T00:00:00", "id": "OPENVAS:1361412562310892600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892600", "type": "openvas", "title": "Debian Security Advisory DSA 2600-1 (cups - privilege escalation)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2600.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2600-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892600\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-5519\");\n script_name(\"Debian Security Advisory DSA 2600-1 (cups - privilege escalation)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-06 00:00:00 +0100 (Sun, 06 Jan 2013)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2600.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"cups on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.4-7+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.5.3-2.7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.3-2.7.\n\nWe recommend that you upgrade your cups packages.\");\n script_tag(name:\"summary\", value:\"Jann Horn discovered that users of the CUPS printing system who are part\nof the lpadmin group could modify several configuration parameters with\nsecurity impact. Specifically, this allows an attacker to read or write\narbitrary files as root which can be used to elevate privileges.\n\nThis update splits the configuration file /etc/cups/cupsd.conf into two\nfiles: cupsd.conf and cups-files.conf. While the first stays configurable\nvia the web interface, the latter can only be configured by the root user.\nPlease see the updated documentation that comes with the new package\nfor more information on these files.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"cups\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.4.4-7+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cups-ppdc\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cupsddk\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupscgi1\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupscgi1-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsdriver1\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsdriver1-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsmime1\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsmime1-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsppdc1\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcupsppdc1-dev\", ver:\"1.5.3-2.7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-12-14T00:00:00", "id": "OPENVAS:1361412562310831756", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831756", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2012:179 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2012:179 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:179\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831756\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-14 09:52:30 +0530 (Fri, 14 Dec 2012)\");\n script_cve_id(\"CVE-2012-5519\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:179\");\n script_name(\"Mandriva Update for cups MDVSA-2012:179 (cups)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"cups on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability was discovered and corrected in cups:\n\n CUPS 1.4.4, when running in certain Linux distributions such as\n Debian GNU/Linux, stores the web interface administrator key in\n /var/run/cups/certs/0 using certain permissions, which allows local\n users in the lpadmin group to read or write arbitrary files as root\n by leveraging the web interface (CVE-2012-5519).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.4.8~2.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-10-30T13:19:16", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0580\n\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor Linux, UNIX, and similar operating systems.\n\nIt was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS configuration\nto gain unintended privileges. Such users could read or write arbitrary\nfiles with the privileges of the CUPS daemon, possibly allowing them to\nrun arbitrary code with root privileges. (CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The newly\nintroduced ConfigurationChangeRestriction directive can be used to enable\nthe changing of the restricted directives remotely. Refer to Red Hat\nBugzilla bug 875898 for more details and the list of restricted directives.\n\nAll users of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031299.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031654.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/007011.html\n\n**Affected packages:**\ncups\ncups-devel\ncups-libs\ncups-lpd\ncups-php\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0580.html", "edition": 87, "modified": "2013-03-09T00:44:52", "published": "2013-03-01T10:00:14", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/031299.html", "id": "CESA-2013:0580", "title": "cups security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-5519"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1654-1\r\nDecember 05, 2012\r\n\r\ncups, cupsys vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nCUPS could be made to read files or run programs as an administrator.\r\n\r\nSoftware Description:\r\n- cups: Common UNIX Printing System(tm)\r\n- cupsys: Common UNIX Printing System(tm)\r\n\r\nDetails:\r\n\r\nIt was discovered that users in the lpadmin group could modify certain CUPS\r\nconfiguration options to escalate privileges. An attacker could use this to\r\npotentially gain root privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n cups 1.6.1-0ubuntu11.3\r\n\r\nUbuntu 12.04 LTS:\r\n cups 1.5.3-0ubuntu5.1\r\n\r\nUbuntu 11.10:\r\n cups 1.5.0-8ubuntu7.3\r\n\r\nUbuntu 10.04 LTS:\r\n cups 1.4.3-1ubuntu1.9\r\n\r\nUbuntu 8.04 LTS:\r\n cupsys 1.3.7-1ubuntu3.16\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nThis update adds the new cups-files.conf configuration file for privileged\r\nCUPS settings. In certain customized environments, these settings may need\r\nto be manually moved to this new file. For more information, please see the\r\nupdated documentation installed with this package and inspect the CUPS\r\nerror log.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1654-1\r\n CVE-2012-5519\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.3\r\n https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu5.1\r\n https://launchpad.net/ubuntu/+source/cups/1.5.0-8ubuntu7.3\r\n https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.9\r\n https://launchpad.net/ubuntu/+source/cupsys/1.3.7-1ubuntu3.16\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28801", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28801", "title": "[USN-1654-1] CUPS vulnerability", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-5519"], "description": "Weak permissions for configuration files.", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:VULN:12746", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12746", "title": "CUPS privilege escalation", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-0989", "CVE-2013-0975", "CVE-2013-1854", "CVE-2013-0276", "CVE-2013-0982", "CVE-2013-1856", "CVE-2013-0984", "CVE-2013-1855", "CVE-2013-0983", "CVE-2013-0985", "CVE-2012-5519", "CVE-2012-4929", "CVE-2013-0986", "CVE-2013-0990", "CVE-2013-0277", "CVE-2013-0155", "CVE-2013-0987", "CVE-2013-0333", "CVE-2013-1857", "CVE-2013-0988", "CVE-2013-1024"], "description": "Information leakage, memory corruption on graphics and video formats parsing, privilege escalation, different libraries vulnerabilities.", "edition": 1, "modified": "2013-06-17T00:00:00", "published": "2013-06-17T00:00:00", "id": "SECURITYVULNS:VULN:13126", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13126", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "cvelist": ["CVE-2011-3210", "CVE-2013-0989", "CVE-2012-2333", "CVE-2013-0975", "CVE-2012-2131", "CVE-2013-1854", "CVE-2011-4108", "CVE-2013-0276", "CVE-2013-0982", "CVE-2011-4576", "CVE-2013-1856", "CVE-2013-0984", "CVE-2011-4577", "CVE-2013-1855", "CVE-2013-0983", "CVE-2011-4619", "CVE-2013-0985", "CVE-2012-5519", "CVE-2012-4929", "CVE-2013-0986", "CVE-2012-0050", "CVE-2013-0990", "CVE-2013-0277", "CVE-2013-0155", "CVE-2012-2110", "CVE-2013-0987", "CVE-2011-3207", "CVE-2013-0333", "CVE-2013-1857", "CVE-2013-0988", "CVE-2011-4109", "CVE-2011-1945", "CVE-2013-1024"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update\r\n2013-002\r\n\r\nOS X Mountain Lion v10.8.4 and Security Update 2013-002 is now\r\navailable and addresses the following:\r\n\r\nCFNetwork\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: An attacker with access to a user's session may be able to\r\nlog into previously accessed sites, even if Private Browsing was used\r\nDescription: Permanent cookies were saved after quitting Safari,\r\neven when Private Browsing was enabled. This issue was addressed by\r\nimproved handling of cookies.\r\nCVE-ID\r\nCVE-2013-0982 : Alexander Traud of www.traud.de\r\n\r\nCoreAnimation\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Visiting a maliciously crafted site may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An unbounded stack allocation issue existed in the\r\nhandling of text glyphs. This could be triggered by maliciously\r\ncrafted URLs in Safari. The issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2013-0983 : David Fifield of Stanford University, Ben Syverson\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Lion v10.7 to v10.7.5,\r\nOS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of text tracks. This issue was addressed by additional\r\nvalidation of text tracks.\r\nCVE-ID\r\nCVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation\r\n\r\nCUPS\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: A local user in the lpadmin group may be able to read or\r\nwrite arbitrary files with system privileges\r\nDescription: A privilege escalation issue existed in the handling of\r\nCUPS configuration via the CUPS web interface. A local user in the\r\nlpadmin group may be able to read or write arbitrary files with\r\nsystem privileges. This issue was addressed by moving certain\r\nconfiguration directives to cups-files.conf, which can not be\r\nmodified from the CUPS web interface.\r\nCVE-ID\r\nCVE-2012-5519\r\n\r\nDirectory Service\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\r\nImpact: A remote attacker may execute arbitrary code with system\r\nprivileges on systems with Directory Service enabled\r\nDescription: An issue existed in the directory server's handling of\r\nmessages from the network. By sending a maliciously crafted message,\r\na remote attacker could cause the directory server to terminate or\r\nexecute arbitrary code with system privileges. This issue was\r\naddressed through improved bounds checking. This issue does not\r\naffect OS X Lion or OS X Mountain Lion systems.\r\nCVE-ID\r\nCVE-2013-0984 : Nicolas Economou of Core Security\r\n\r\nDisk Management\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: A local user may disable FileVault\r\nDescription: A local user who is not an administrator may disable\r\nFileVault using the command-line. This issue was addressed by adding\r\nadditional authentication.\r\nCVE-ID\r\nCVE-2013-0985\r\n\r\nOpenSSL\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There were known attacks on the confidentiality of TLS\r\n1.0 when compression was enabled. This issue was addressed by\r\ndisabling compression in OpenSSL.\r\nCVE-ID\r\nCVE-2012-4929 : Juliano Rizzo and Thai Duong\r\n\r\nOpenSSL\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Multiple vulnerabilities in OpenSSL\r\nDescription: OpenSSL was updated to version 0.9.8x to address\r\nmultiple vulnerabilities, which may lead to denial of service or\r\ndisclosure of a private key. Further information is available via the\r\nOpenSSL website at http://www.openssl.org/news/\r\nCVE-ID\r\nCVE-2011-1945\r\nCVE-2011-3207\r\nCVE-2011-3210\r\nCVE-2011-4108\r\nCVE-2011-4109\r\nCVE-2011-4576\r\nCVE-2011-4577\r\nCVE-2011-4619\r\nCVE-2012-0050\r\nCVE-2012-2110\r\nCVE-2012-2131\r\nCVE-2012-2333\r\n\r\nQuickDraw Manager\r\nAvailable for: OS X Lion v10.7 to v10.7.5,\r\nOS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Opening a maliciously crafted PICT image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PICT\r\nimages. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0975 : Tobias Klein working with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'enof'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Viewing a maliciously crafted QTIF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nQTIF files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-0987 : roob working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Viewing a maliciously crafted FPX file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of FPX files.\r\nThis issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.3\r\nImpact: Playing a maliciously crafted MP3 file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of MP3 files.\r\nThis issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0989 : G. Geshev working with HP's Zero Day Initiative\r\n\r\nRuby\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\r\nImpact: Multiple vulnerabilities in Ruby on Rails\r\nDescription: Multiple vulnerabilities existed in Ruby on Rails, the\r\nmost serious of which may lead to arbitrary code execution on systems\r\nrunning Ruby on Rails applications. These issues were addressed by\r\nupdating Ruby on Rails to version 2.3.18. This issue may affect OS X\r\nLion or OS X Mountain Lion systems that were upgraded from Mac OS X\r\n10.6.8 or earlier. Users can update affected gems on such systems by\r\nusing the /usr/bin/gem utility.\r\nCVE-ID\r\nCVE-2013-0155\r\nCVE-2013-0276\r\nCVE-2013-0277\r\nCVE-2013-0333\r\nCVE-2013-1854\r\nCVE-2013-1855\r\nCVE-2013-1856\r\nCVE-2013-1857\r\n\r\nSMB\r\nAvailable for: OS X Lion v10.7 to v10.7.5,\r\nOS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.3\r\nImpact: An authenticated user may be able to write files outside the\r\nshared directory\r\nDescription: If SMB file sharing is enabled, an authenticated user\r\nmay be able to write files outside the shared directory. This issue\r\nwas addressed through improved access control.\r\nCVE-ID\r\nCVE-2013-0990 : Ward van Wanrooij\r\n\r\nNote: Starting with OS X 10.8.4, Java Web Start (i.e. JNLP)\r\napplications downloaded from the Internet need to be signed with\r\na Developer ID certificate. Gatekeeper will check downloaded\r\nJava Web Start applications for a signature and block such\r\napplications from launching if they are not properly signed.\r\n\r\nNote: OS X Mountain Lion v10.8.4 includes the content of\r\nSafari 6.0.5. For further details see "About the security content\r\nof Safari 6.0.5" at http://http//support.apple.com/kb/HT5785\r\n\r\nOS X Mountain Lion v10.8.4 and Security Update 2013-002 may be\r\nobtained from the Software Update pane in System Preferences,\r\nor Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nOS X Mountain Lion v10.8.4, or Security Update\r\n2013-002.\r\n\r\nFor OS X Mountain Lion v10.8.3\r\nThe download file is named: OSXUpd10.8.4.dmg\r\nIts SHA-1 digest is: 9cf99aa1293cefdac0fb9a24ea133c80f8237b5e\r\n\r\nFor OS X Mountain Lion v10.8 and v10.8.2\r\nThe download file is named: OSXUpdCombo10.8.4.dmg\r\nIts SHA-1 digest is: 3c95d0c8d0c7f43339a5f4e137e386dd5fe409c3\r\n\r\nFor OS X Lion v10.7.5\r\nThe download file is named: SecUpd2013-002.dmg\r\nIts SHA-1 digest is: cfc3bd0941d7c5838aee9e92ee087d78abff3ce7\r\n\r\nFor OS X Lion Server v10.7.5\r\nThe download file is named: SecUpdSrvr2013-002.dmg\r\nIts SHA-1 digest is: 34dff575a145e13404e7a2ee8a390d3e7c56fb5e\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2013-002.dmg\r\nIts SHA-1 digest is: 5da54b38ffb8c147925c3018a8f5bf30ad4ac5b1\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2013-002.dmg\r\nIts SHA-1 digest is: b20271f019930fe894c2247a6d5e05f00568b583\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJRrjkiAAoJEPefwLHPlZEwW+AP/0x/cHS3VPY0/a98Xpmdfkdb\r\neo9Ns5FKw6mIkUftrN6qwNAgFXWqQXNIbJ3q8ZnoxcFPakhYyPSp4XowpR79l7kG\r\nB2ZrdTx9aIn2bfHZ+h4cE8XnVL8qUDz2RxFopOGbb+wpJxl8/fehDmWokC5wCeF5\r\nN7mnwW2s37QL73BmAMRdi6CYcJCKwhZWGFWmqiNvpFlUP+kcjU/UM1MAzOu0xsiA\r\nPD6NrWeUOWfFrcQgx/pspWGvrFyV4FLu+0wQBl9f/DiQNrwVXIr85rHtah+b1NCU\r\npteSxQwb4kRojXdPm4+I3LKoghzGR8xD6+Xl6KdYgReSW89Di4bKM3WpbRLqhRuq\r\n8kv38Gk3/vZDfAnuNQX09dE6EgJ0DVu86SoRQZ1iYRQoLrizVsOvyVQUojZhT47t\r\n6l44L/5cNJd7EcaC8hdmr44cCZdMPDEqoKzn2BavH62WYXbZMPlHBDo/H2ujUUec\r\ni7XU7LA1Upw57X4wmIUU4QrlBhNBh39yRKh3katAklayFBjOMEyyL57gURvd6O77\r\ngFOQpUQ6kgqwgQCrtNT6R96igfyu7cVxYW7XchZDHgA3n/YWOAVvXkVeeQ5OUGzC\r\nO0UYLMBpPka31yfWP23QaXpV+LW462raI6LnMvRP1245RhokTTThZw6/9xochK2V\r\n+VoeoamqaQqZGyOiObbU\r\n=vG2v\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-06-17T00:00:00", "published": "2013-06-17T00:00:00", "id": "SECURITYVULNS:DOC:29464", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29464", "title": "APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:35:32", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519"], "description": "**Issue Overview:**\n\nIt was discovered that CUPS administrative users (members of the SystemGroups groups) who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them to run arbitrary code with root privileges. ([CVE-2012-5519 __](<https://access.redhat.com/security/cve/CVE-2012-5519>))\n\nAfter installing this update, the ability to change certain CUPS configuration directives remotely will be disabled by default. The newly introduced ConfigurationChangeRestriction directive can be used to enable the changing of the restricted directives remotely.\n\n \n**Affected Packages:** \n\n\ncups\n\n \n**Issue Correction:** \nRun _yum update cups_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n cups-debuginfo-1.4.2-50.18.amzn1.i686 \n cups-libs-1.4.2-50.18.amzn1.i686 \n cups-devel-1.4.2-50.18.amzn1.i686 \n cups-lpd-1.4.2-50.18.amzn1.i686 \n cups-php-1.4.2-50.18.amzn1.i686 \n cups-1.4.2-50.18.amzn1.i686 \n \n src: \n cups-1.4.2-50.18.amzn1.src \n \n x86_64: \n cups-1.4.2-50.18.amzn1.x86_64 \n cups-devel-1.4.2-50.18.amzn1.x86_64 \n cups-php-1.4.2-50.18.amzn1.x86_64 \n cups-debuginfo-1.4.2-50.18.amzn1.x86_64 \n cups-lpd-1.4.2-50.18.amzn1.x86_64 \n cups-libs-1.4.2-50.18.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-03-14T22:04:00", "published": "2013-03-14T22:04:00", "id": "ALAS-2013-170", "href": "https://alas.aws.amazon.com/ALAS-2013-170.html", "title": "Medium: cups", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519"], "edition": 1, "description": "### Background\n\nCUPS, the Common Unix Printing System, is a full-featured print server.\n\n### Description\n\nMembers of the lpadmin group have admin access to the web interface, where they can edit the config file and set some \u201cdangerous\u201d directives (like the logfilenames), which enable them to read or write files as the user running the CUPS webserver. \n\n### Impact\n\nA local attacker could possibly exploit this vulnerability to read or write files as the user running the CUPS webserver. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll CUPS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.6.2-r5\"", "modified": "2014-04-07T00:00:00", "published": "2014-04-07T00:00:00", "id": "GLSA-201404-01", "href": "https://security.gentoo.org/glsa/201404-01", "type": "gentoo", "title": "CUPS: Arbitrary file read/write", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519"], "description": "[1:1.4.2-50:.4]\n- Added BrowseLDAPCACertFile and PrintcapGUI to restricted options\n list.\n[1:1.4.2-50:.3]\n- Fix for CVE-2012-5519 patch: handle blacklisted lines that have no\n value part gracefully.\n[1:1.4.2-50:.2]\n- Added documentation for new CVE-2012-5519 option.\n[1:1.4.2-50:.1]\n- Applied patch to fix CVE-2012-5519 (privilege escalation for users\n in SystemGroup or with equivalent polkit permission). This prevents\n HTTP PUT requests with paths under /admin/conf/ other than that for\n cupsd.conf, and also prevents such requests altering certain\n configuration directives such as PageLog and FileDevice (bug #875898).\n[1:1.4.2-50]\n- Fixed LDAP browsing issues (bug #870386).\n[1:1.4.2-49]\n- Avoid 'forbidden' error when moving job between queues via web UI\n (bug #834445).", "edition": 4, "modified": "2013-02-28T00:00:00", "published": "2013-02-28T00:00:00", "id": "ELSA-2013-0580", "href": "http://linux.oracle.com/errata/ELSA-2013-0580.html", "title": "cups security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:14:05", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2600-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nJanuary 06, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nVulnerability : privilege escalation\nProblem type : local\nDebian-specific: no\nDebian bug : 692791\nCVE ID : CVE-2012-5519\n\nJann Horn discovered that users of the CUPS printing system who are part\nof the lpadmin group could modify several configuration parameters with\nsecurity impact. Specifically, this allows an attacker to read or write\narbitrary files as root which can be used to elevate privileges.\n\nThis update splits the configuration file /etc/cups/cupsd.conf into two\nfiles: cupsd.conf and cups-files.conf. While the first stays configurable\nvia the web interface, the latter can only be configured by the root user.\nPlease see the updated documentation that comes with the new package\nfor more information on these files.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.4-7+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.5.3-2.7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.5.3-2.7.\n\n\nWe recommend that you upgrade your cups packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 9, "modified": "2013-01-06T17:33:38", "published": "2013-01-06T17:33:38", "id": "DEBIAN:DSA-2600-1:28E3F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00003.html", "title": "[SECURITY] [DSA 2600-1] cups security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:27", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519"], "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer\nfor Linux, UNIX, and similar operating systems.\n\nIt was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS configuration\nto gain unintended privileges. Such users could read or write arbitrary\nfiles with the privileges of the CUPS daemon, possibly allowing them to\nrun arbitrary code with root privileges. (CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The newly\nintroduced ConfigurationChangeRestriction directive can be used to enable\nthe changing of the restricted directives remotely. Refer to Red Hat\nBugzilla bug 875898 for more details and the list of restricted directives.\n\nAll users of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the cupsd daemon will be restarted automatically.\n", "modified": "2018-06-06T20:24:15", "published": "2013-02-28T05:00:00", "id": "RHSA-2013:0580", "href": "https://access.redhat.com/errata/RHSA-2013:0580", "type": "redhat", "title": "(RHSA-2013:0580) Moderate: cups security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519"], "description": "It was discovered that users in the lpadmin group could modify certain CUPS \nconfiguration options to escalate privileges. An attacker could use this to \npotentially gain root privileges.", "edition": 5, "modified": "2012-12-05T00:00:00", "published": "2012-12-05T00:00:00", "id": "USN-1654-1", "href": "https://ubuntu.com/security/notices/USN-1654-1", "title": "CUPS vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-09-14T18:35:08", "description": "The following security issue has been fixed in the CUPS print daemon\nCVE-2012-5519: The patch adds better default protection against misuse\nof privileges by normal users who have been specifically allowed by\nroot to do cupsd configuration changes\n\nThe new ConfigurationChangeRestriction cupsd.conf directive specifies\nthe level of restriction for cupsd.conf changes that happen via\nHTTP/IPP requests to the running cupsd (e.g. via CUPS web interface or\nvia the cupsctl command).\n\nBy default certain cupsd.conf directives that deal with filenames,\npaths, and users can no longer be changed via requests to the running\ncupsd but only by manual editing the cupsd.conf file and its default\nfile permissions permit only root to write the cupsd.conf file.\n\nThose directives are: ConfigurationChangeRestriction, AccessLog,\nBrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot,\nErrorLog, FileDevice, FontPath, Group, LogFilePerm, PageLog, Printcap,\nPrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin,\nServerCertificate, ServerKey, ServerRoot, StateDir, SystemGroup,\nSystemGroupAuthKey, TempDir, User.\n\nThe default group of users who are allowed to do cupsd configuration\nchanges via requests to the running cupsd (i.e. the SystemGroup\ndirective in cupsd.conf) is set to 'root' only.\n\nAdditionally the following bug has been fixed :\n\n - strip trailing '@REALM' from username for Kerberos\n authentication (CUPS STR#3972 bnc#827109)", "edition": 17, "published": "2013-11-12T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : CUPS (SAT Patch Numbers 8436 / 8437)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2013-11-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:cups-libs-32bit", "p-cpe:/a:novell:suse_linux:11:cups-client", "p-cpe:/a:novell:suse_linux:11:cups", "p-cpe:/a:novell:suse_linux:11:cups-libs", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CUPS-131016.NASL", "href": "https://www.tenable.com/plugins/nessus/70842", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70842);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-5519\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : CUPS (SAT Patch Numbers 8436 / 8437)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issue has been fixed in the CUPS print daemon\nCVE-2012-5519: The patch adds better default protection against misuse\nof privileges by normal users who have been specifically allowed by\nroot to do cupsd configuration changes\n\nThe new ConfigurationChangeRestriction cupsd.conf directive specifies\nthe level of restriction for cupsd.conf changes that happen via\nHTTP/IPP requests to the running cupsd (e.g. via CUPS web interface or\nvia the cupsctl command).\n\nBy default certain cupsd.conf directives that deal with filenames,\npaths, and users can no longer be changed via requests to the running\ncupsd but only by manual editing the cupsd.conf file and its default\nfile permissions permit only root to write the cupsd.conf file.\n\nThose directives are: ConfigurationChangeRestriction, AccessLog,\nBrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot,\nErrorLog, FileDevice, FontPath, Group, LogFilePerm, PageLog, Printcap,\nPrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin,\nServerCertificate, ServerKey, ServerRoot, StateDir, SystemGroup,\nSystemGroupAuthKey, TempDir, User.\n\nThe default group of users who are allowed to do cupsd configuration\nchanges via requests to the running cupsd (i.e. the SystemGroup\ndirective in cupsd.conf) is set to 'root' only.\n\nAdditionally the following bug has been fixed :\n\n - strip trailing '@REALM' from username for Kerberos\n authentication (CUPS STR#3972 bnc#827109)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5519.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8436 / 8437 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cups-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cups-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"cups-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"cups-client-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"cups-libs-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"cups-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"cups-client-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"cups-libs-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"cups-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"cups-client-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"cups-libs-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"cups-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"cups-client-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"cups-libs-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"cups-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"cups-client-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"cups-libs-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"cups-libs-32bit-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"cups-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"cups-client-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"cups-libs-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"cups-libs-32bit-1.3.9-8.46.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"cups-libs-32bit-1.3.9-8.46.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:28:33", "description": "Updated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for Linux, UNIX, and similar operating systems.\n\nIt was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS\nconfiguration to gain unintended privileges. Such users could read or\nwrite arbitrary files with the privileges of the CUPS daemon, possibly\nallowing them to run arbitrary code with root privileges.\n(CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The\nnewly introduced ConfigurationChangeRestriction directive can be used\nto enable the changing of the restricted directives remotely. Refer to\nRed Hat Bugzilla bug 875898 for more details and the list of\nrestricted directives.\n\nAll users of cups are advised to upgrade to these updated packages,\nwhich contain a backported patch to resolve this issue. After\ninstalling this update, the cupsd daemon will be restarted\nautomatically.", "edition": 24, "published": "2013-03-06T00:00:00", "title": "CentOS 5 / 6 : cups (CESA-2013:0580)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2013-03-06T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:cups-libs", "p-cpe:/a:centos:centos:cups-php", "p-cpe:/a:centos:centos:cups", "p-cpe:/a:centos:centos:cups-lpd", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:cups-devel"], "id": "CENTOS_RHSA-2013-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/65031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0580 and \n# CentOS Errata and Security Advisory 2013:0580 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65031);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n script_xref(name:\"RHSA\", value:\"2013:0580\");\n\n script_name(english:\"CentOS 5 / 6 : cups (CESA-2013:0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for Linux, UNIX, and similar operating systems.\n\nIt was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS\nconfiguration to gain unintended privileges. Such users could read or\nwrite arbitrary files with the privileges of the CUPS daemon, possibly\nallowing them to run arbitrary code with root privileges.\n(CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The\nnewly introduced ConfigurationChangeRestriction directive can be used\nto enable the changing of the restricted directives remotely. Refer to\nRed Hat Bugzilla bug 875898 for more details and the list of\nrestricted directives.\n\nAll users of cups are advised to upgrade to these updated packages,\nwhich contain a backported patch to resolve this issue. After\ninstalling this update, the cupsd daemon will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019261.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4efac01\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019616.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26cc1f4c\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-March/000811.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1af0615a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5519\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"cups-1.3.7-30.el5_9.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"cups-devel-1.3.7-30.el5_9.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"cups-libs-1.3.7-30.el5_9.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"cups-lpd-1.3.7-30.el5_9.3\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-1.4.2-50.el6_4.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-devel-1.4.2-50.el6_4.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-libs-1.4.2-50.el6_4.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-lpd-1.4.2-50.el6_4.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"cups-php-1.4.2-50.el6_4.4\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs / cups-lpd / cups-php\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:55", "description": "A vulnerability was discovered and corrected in cups :\n\nCUPS 1.4.4, when running in certain Linux distributions such as Debian\nGNU/Linux, stores the web interface administrator key in\n/var/run/cups/certs/0 using certain permissions, which allows local\nusers in the lpadmin group to read or write arbitrary files as root by\nleveraging the web interface (CVE-2012-5519).\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2012-12-13T00:00:00", "title": "Mandriva Linux Security Advisory : cups (MDVSA-2012:179)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2012-12-13T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64cups2", "cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:php-cups", "p-cpe:/a:mandriva:linux:cups-serial", "p-cpe:/a:mandriva:linux:libcups2", "p-cpe:/a:mandriva:linux:lib64cups2-devel", "p-cpe:/a:mandriva:linux:cups", "p-cpe:/a:mandriva:linux:libcups2-devel", "p-cpe:/a:mandriva:linux:cups-common"], "id": "MANDRIVA_MDVSA-2012-179.NASL", "href": "https://www.tenable.com/plugins/nessus/63257", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:179. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63257);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n script_xref(name:\"MDVSA\", value:\"2012:179\");\n\n script_name(english:\"Mandriva Linux Security Advisory : cups (MDVSA-2012:179)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in cups :\n\nCUPS 1.4.4, when running in certain Linux distributions such as Debian\nGNU/Linux, stores the web interface administrator key in\n/var/run/cups/certs/0 using certain permissions, which allows local\nusers in the lpadmin group to read or write arbitrary files as root by\nleveraging the web interface (CVE-2012-5519).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.cups.org/str.php?L4223\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-serial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"cups-1.4.8-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"cups-common-1.4.8-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"cups-serial-1.4.8-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64cups2-1.4.8-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.4.8-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libcups2-1.4.8-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libcups2-devel-1.4.8-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"php-cups-1.4.8-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:18:24", "description": "It was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS\nconfiguration to gain unintended privileges. Such users could read or\nwrite arbitrary files with the privileges of the CUPS daemon, possibly\nallowing them to run arbitrary code with root privileges.\n(CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The\nnewly introduced ConfigurationChangeRestriction directive can be used\nto enable the changing of the restricted directives remotely.", "edition": 23, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : cups (ALAS-2013-170)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:cups-devel", "p-cpe:/a:amazon:linux:cups-libs", "p-cpe:/a:amazon:linux:cups", "p-cpe:/a:amazon:linux:cups-php", "p-cpe:/a:amazon:linux:cups-lpd", "p-cpe:/a:amazon:linux:cups-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-170.NASL", "href": "https://www.tenable.com/plugins/nessus/69729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-170.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69729);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_xref(name:\"ALAS\", value:\"2013-170\");\n script_xref(name:\"RHSA\", value:\"2013:0580\");\n\n script_name(english:\"Amazon Linux AMI : cups (ALAS-2013-170)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS\nconfiguration to gain unintended privileges. Such users could read or\nwrite arbitrary files with the privileges of the CUPS daemon, possibly\nallowing them to run arbitrary code with root privileges.\n(CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The\nnewly introduced ConfigurationChangeRestriction directive can be used\nto enable the changing of the restricted directives remotely.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-170.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update cups' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:cups-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"cups-1.4.2-50.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"cups-debuginfo-1.4.2-50.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"cups-devel-1.4.2-50.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"cups-libs-1.4.2-50.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"cups-lpd-1.4.2-50.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"cups-php-1.4.2-50.18.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:19", "description": "This update addresses CVE-2012-5519 by moving certain configuration\nkeywords into a separate file, cups-files.conf, which cannot be\nmodified by cupsd.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-01-14T00:00:00", "title": "Fedora 18 : cups-1.5.4-20.fc18 (2012-19301)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2013-01-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:cups"], "id": "FEDORA_2012-19301.NASL", "href": "https://www.tenable.com/plugins/nessus/63482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-19301.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63482);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n script_xref(name:\"FEDORA\", value:\"2012-19301\");\n\n script_name(english:\"Fedora 18 : cups-1.5.4-20.fc18 (2012-19301)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses CVE-2012-5519 by moving certain configuration\nkeywords into a separate file, cups-files.conf, which cannot be\nmodified by cupsd.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=875898\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?319364aa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"cups-1.5.4-20.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:38:51", "description": "It was discovered that users in the lpadmin group could modify certain\nCUPS configuration options to escalate privileges. An attacker could\nuse this to potentially gain root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-12-06T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : cups, cupsys vulnerability (USN-1654-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:cupsys", "p-cpe:/a:canonical:ubuntu_linux:cups", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1654-1.NASL", "href": "https://www.tenable.com/plugins/nessus/63163", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1654-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63163);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n script_xref(name:\"USN\", value:\"1654-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : cups, cupsys vulnerability (USN-1654-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that users in the lpadmin group could modify certain\nCUPS configuration options to escalate privileges. An attacker could\nuse this to potentially gain root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1654-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cups and / or cupsys packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cupsys\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"cupsys\", pkgver:\"1.3.7-1ubuntu3.16\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cups\", pkgver:\"1.4.3-1ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"cups\", pkgver:\"1.5.0-8ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cups\", pkgver:\"1.5.3-0ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"cups\", pkgver:\"1.6.1-0ubuntu11.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cupsys\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-25T08:55:43", "description": "From Red Hat Security Advisory 2013:0580 :\n\nUpdated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for Linux, UNIX, and similar operating systems.\n\nIt was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS\nconfiguration to gain unintended privileges. Such users could read or\nwrite arbitrary files with the privileges of the CUPS daemon, possibly\nallowing them to run arbitrary code with root privileges.\n(CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The\nnewly introduced ConfigurationChangeRestriction directive can be used\nto enable the changing of the restricted directives remotely. Refer to\nRed Hat Bugzilla bug 875898 for more details and the list of\nrestricted directives.\n\nAll users of cups are advised to upgrade to these updated packages,\nwhich contain a backported patch to resolve this issue. After\ninstalling this update, the cupsd daemon will be restarted\nautomatically.", "edition": 20, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : cups (ELSA-2013-0580)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:cups", "p-cpe:/a:oracle:linux:cups-libs", "p-cpe:/a:oracle:linux:cups-php", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:cups-devel", "p-cpe:/a:oracle:linux:cups-lpd"], "id": "ORACLELINUX_ELSA-2013-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/68766", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0580 and \n# Oracle Linux Security Advisory ELSA-2013-0580 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68766);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n script_xref(name:\"RHSA\", value:\"2013:0580\");\n\n script_name(english:\"Oracle Linux 5 / 6 : cups (ELSA-2013-0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0580 :\n\nUpdated cups packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing\nlayer for Linux, UNIX, and similar operating systems.\n\nIt was discovered that CUPS administrative users (members of the\nSystemGroups groups) who are permitted to perform CUPS configuration\nchanges via the CUPS web interface could manipulate the CUPS\nconfiguration to gain unintended privileges. Such users could read or\nwrite arbitrary files with the privileges of the CUPS daemon, possibly\nallowing them to run arbitrary code with root privileges.\n(CVE-2012-5519)\n\nAfter installing this update, the ability to change certain CUPS\nconfiguration directives remotely will be disabled by default. The\nnewly introduced ConfigurationChangeRestriction directive can be used\nto enable the changing of the restricted directives remotely. Refer to\nRed Hat Bugzilla bug 875898 for more details and the list of\nrestricted directives.\n\nAll users of cups are advised to upgrade to these updated packages,\nwhich contain a backported patch to resolve this issue. After\ninstalling this update, the cupsd daemon will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003309.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003320.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-lpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cups-php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"cups-1.3.7-30.el5_9.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"cups-devel-1.3.7-30.el5_9.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"cups-libs-1.3.7-30.el5_9.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"cups-lpd-1.3.7-30.el5_9.3\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"cups-1.4.2-50.el6_4.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-devel-1.4.2-50.el6_4.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-libs-1.4.2-50.el6_4.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-lpd-1.4.2-50.el6_4.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"cups-php-1.4.2-50.el6_4.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups / cups-devel / cups-libs / cups-lpd / cups-php\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:45", "description": "Jann Horn discovered that users of the CUPS printing system who are\npart of the lpadmin group could modify several configuration\nparameters with security impact. Specifically, this allows an attacker\nto read or write arbitrary files as root which can be used to elevate\nprivileges.\n\nThis update splits the configuration file /etc/cups/cupsd.conf into\ntwo files: cupsd.conf and cups-files.conf. While the first stays\nconfigurable via the web interface, the latter can only be configured\nby the root user. Please see the updated documentation that comes with\nthe new package for more information on these files.", "edition": 16, "published": "2013-01-07T00:00:00", "title": "Debian DSA-2600-1 : cups - privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2013-01-07T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:cups"], "id": "DEBIAN_DSA-2600.NASL", "href": "https://www.tenable.com/plugins/nessus/63385", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2600. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63385);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n script_xref(name:\"DSA\", value:\"2600\");\n\n script_name(english:\"Debian DSA-2600-1 : cups - privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that users of the CUPS printing system who are\npart of the lpadmin group could modify several configuration\nparameters with security impact. Specifically, this allows an attacker\nto read or write arbitrary files as root which can be used to elevate\nprivileges.\n\nThis update splits the configuration file /etc/cups/cupsd.conf into\ntwo files: cupsd.conf and cups-files.conf. While the first stays\nconfigurable via the web interface, the latter can only be configured\nby the root user. Please see the updated documentation that comes with\nthe new package for more information on these files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/cups\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2600\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cups packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.4-7+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"cups\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-bsd\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-client\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-common\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-dbg\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cups-ppdc\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cupsddk\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcups2\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcups2-dev\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupscgi1\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupscgi1-dev\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsdriver1\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsdriver1-dev\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsimage2\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsimage2-dev\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsmime1\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsmime1-dev\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsppdc1\", reference:\"1.4.4-7+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcupsppdc1-dev\", reference:\"1.4.4-7+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:36", "description": "The remote host is affected by the vulnerability described in GLSA-201404-01\n(CUPS: Arbitrary file read/write)\n\n Members of the lpadmin group have admin access to the web interface,\n where they can\n edit the config file and set some “dangerous” directives (like the\n logfilenames), which enable them to read or write files as the user\n running\n the CUPS webserver.\n \nImpact :\n\n A local attacker could possibly exploit this vulnerability to read or\n write files as the user running the CUPS webserver.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-04-08T00:00:00", "title": "GLSA-201404-01 : CUPS: Arbitrary file read/write", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2014-04-08T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:cups"], "id": "GENTOO_GLSA-201404-01.NASL", "href": "https://www.tenable.com/plugins/nessus/73390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201404-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73390);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n script_xref(name:\"GLSA\", value:\"201404-01\");\n\n script_name(english:\"GLSA-201404-01 : CUPS: Arbitrary file read/write\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201404-01\n(CUPS: Arbitrary file read/write)\n\n Members of the lpadmin group have admin access to the web interface,\n where they can\n edit the config file and set some “dangerous” directives (like the\n logfilenames), which enable them to read or write files as the user\n running\n the CUPS webserver.\n \nImpact :\n\n A local attacker could possibly exploit this vulnerability to read or\n write files as the user running the CUPS webserver.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201404-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CUPS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.6.2-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-print/cups\", unaffected:make_list(\"ge 1.6.2-r5\"), vulnerable:make_list(\"lt 1.6.2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CUPS\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:33:59", "description": "According to its banner, the version of CUPS installed on the remote\nhost is earlier than 1.6.2. It is, therefore, potentially affected by\nthe following vulnerabilities :\n\n - Permissions on the file '/var/run/cups/certs/0' could\n allow access to CUPS administration interface\n authentication key material and thus, the interface\n itself with admin rights. Additionally, users with admin\n rights can edit the configuration file and specify\n malicious commands that are then carried out with root\n user permissions. (CVE-2012-5519)\n\n - Multiple errors exist related to the functions\n 'ippEnumString', 'ippReadIO', 'set_time',\n 'load_request_root' and 'http_resolve_cb' that could\n allow denial of service attacks.", "edition": 26, "published": "2013-04-10T00:00:00", "title": "CUPS < 1.6.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5519"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:cups"], "id": "CUPS_1_6_2.NASL", "href": "https://www.tenable.com/plugins/nessus/65970", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65970);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2012-5519\");\n script_bugtraq_id(56494);\n\n script_name(english:\"CUPS < 1.6.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks CUPS server version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote print service is potentially affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of CUPS installed on the remote\nhost is earlier than 1.6.2. It is, therefore, potentially affected by\nthe following vulnerabilities :\n\n - Permissions on the file '/var/run/cups/certs/0' could\n allow access to CUPS administration interface\n authentication key material and thus, the interface\n itself with admin rights. Additionally, users with admin\n rights can edit the configuration file and specify\n malicious commands that are then carried out with root\n user permissions. (CVE-2012-5519)\n\n - Multiple errors exist related to the functions\n 'ippEnumString', 'ippReadIO', 'set_time',\n 'load_request_root' and 'http_resolve_cb' that could\n allow denial of service attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cups.org/blog/2013-03-18-cups-1.6.2.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/apple/cups/issues/4223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/apple/cups/issues/4242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2012/11/11/2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to CUPS version 1.6.2 or later, or apply the vendor patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/10\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:cups\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"cups_1_3_5.nasl\");\n script_require_keys(\"www/cups\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 631);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:631, embedded:TRUE);\nget_kb_item_or_exit(\"www/\"+port+\"/cups/running\");\n\nversion = get_kb_item_or_exit(\"cups/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"cups/\"+port+\"/source\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (version =~ \"^(1|1\\.6)($|[^0-9rb.])\") audit(AUDIT_VER_NOT_GRANULAR, \"CUPS\", port, version);\n\nif (\n version =~ \"^1\\.[0-5]($|[^0-9])\" ||\n version =~ \"^1\\.6\\.[01]($|[^0-9.])\" ||\n version =~ \"^1\\.6(rc|b)\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.6.2\\n';\n\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"CUPS\", port, version);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2013-01-12T01:01:29", "published": "2013-01-12T01:01:29", "id": "FEDORA:21DDB22107", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: cups-1.5.4-20.fc18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5519", "CVE-2012-6094"], "description": "The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. ", "modified": "2013-02-26T02:42:00", "published": "2013-02-26T02:42:00", "id": "FEDORA:8CC6B20C5D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: cups-1.5.4-18.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2020-10-15T02:36:40", "description": "This module exploits a vulnerability in CUPS < 1.6.2, an open source printing system. CUPS allows members of the lpadmin group to make changes to the cupsd.conf configuration, which can specify an Error Log path. When the user visits the Error Log page in the web interface, the cupsd daemon (running with setuid root) reads the Error Log path and echoes it as plaintext. This module is known to work on Mac OS X < 10.8.4 and Ubuntu Desktop <= 12.0.4 as long as the session is in the lpadmin group. Warning: if the user has set up a custom path to the CUPS error log, this module might fail to reset that path correctly. You can specify a custom error log path with the ERROR_LOG datastore option.\n", "published": "2013-08-25T19:30:11", "type": "metasploit", "title": "CUPS 1.6.1 Root File Read", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-5519"], "modified": "2020-10-02T20:00:37", "id": "MSF:POST/MULTI/ESCALATE/CUPS_ROOT_FILE_READ", "href": "", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/post/multi/escalate/cups_root_file_read.rb"}], "suse": [{"lastseen": "2016-09-04T12:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "edition": 1, "modified": "2015-06-11T19:04:58", "published": "2015-06-11T19:04:58", "id": "SUSE-SU-2015:1044-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html", "type": "suse", "title": "Security update for cups154 (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:47:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "edition": 1, "modified": "2015-06-11T20:06:22", "published": "2015-06-11T20:06:22", "id": "SUSE-SU-2015:1044-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00008.html", "title": "Security update for cups154 (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:30:36", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "description": "This update fixes the following issues:\n\n - CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation\n via cross-site scripting and bad print job submission used to replace\n cupsd.conf on server (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158\n CVE-2015-1159 bugzilla.suse.com bsc#924208). In general it is crucial to\n limit access to CUPS to trustworthy users who do not misuse their\n permission to submit print jobs which means to upload arbitrary data\n onto the CUPS server, see\n <a rel=\"nofollow\" href=\"https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings\">https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings</a> and cf. the\n entries about CVE-2012-5519 below.\n\n", "edition": 1, "modified": "2015-06-12T21:05:05", "published": "2015-06-12T21:05:05", "id": "OPENSUSE-SU-2015:1056-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html", "type": "suse", "title": "Security update for cups (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:26:30", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1158", "CVE-2012-5519", "CVE-2015-1159"], "description": "The following issues are fixed by this update:\n\n * CVE-2012-5519: privilege escalation via cross-site scripting and bad\n print job submission used to replace cupsd.conf on server (bsc#924208).\n * CVE-2015-1158: Improper Update of Reference Count\n * CVE-2015-1159: Cross-Site Scripting\n\n", "edition": 1, "modified": "2015-06-11T17:05:04", "published": "2015-06-11T17:05:04", "id": "SUSE-SU-2015:1041-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html", "type": "suse", "title": "Security update for cups (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
