Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6184-2.NASL
HistoryJul 17, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 ESM : CUPS vulnerability (USN-6184-2)

2023-07-1700:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
JSON

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6184-2 advisory.

  • OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function httpClose(con->http) being called in scheduler/client.c. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function cupsdAcceptClient if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in cupsd.conf) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from /etc/hosts.allow and /etc/hosts.deny. Version 2.4.6 has a patch for this issue. (CVE-2023-34241)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6184-2. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(178326);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/17");

  script_cve_id("CVE-2023-34241");
  script_xref(name:"USN", value:"6184-2");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 ESM : CUPS vulnerability (USN-6184-2)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced
in the USN-6184-2 advisory.

  - OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like
    operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to
    the logging service AFTER the connection has been closed, when it should have logged the data right
    before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue
    is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose
    always, provided its argument is not null, frees the pointer at the end of the call, only for
    cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient`
    if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address
    (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP
    wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version
    2.4.6 has a patch for this issue. (CVE-2023-34241)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6184-2");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-34241");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-bsd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-core-drivers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-ipp-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-ppdc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-server-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcups2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcups2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupscgi1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupscgi1-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsmime1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsmime1-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsppdc1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsppdc1-dev");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'cups', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'cups-bsd', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'cups-client', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'cups-common', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'cups-core-drivers', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'cups-daemon', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'cups-ipp-utils', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'cups-ppdc', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'cups-server-common', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcups2', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcups2-dev', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcupscgi1', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcupscgi1-dev', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcupsimage2', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcupsimage2-dev', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcupsmime1', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcupsmime1-dev', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcupsppdc1', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '16.04', 'pkgname': 'libcupsppdc1-dev', 'pkgver': '2.1.3-4ubuntu0.11+esm3'},
    {'osver': '18.04', 'pkgname': 'cups', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'cups-bsd', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'cups-client', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'cups-common', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'cups-core-drivers', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'cups-daemon', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'cups-ipp-utils', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'cups-ppdc', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'cups-server-common', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'libcups2', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'libcups2-dev', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'libcupscgi1', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'libcupsimage2', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'libcupsimage2-dev', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'libcupsmime1', 'pkgver': '2.2.7-1ubuntu2.10+esm1'},
    {'osver': '18.04', 'pkgname': 'libcupsppdc1', 'pkgver': '2.2.7-1ubuntu2.10+esm1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cups / cups-bsd / cups-client / cups-common / cups-core-drivers / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxcupsp-cpe:/a:canonical:ubuntu_linux:cups
canonicalubuntu_linuxlibcupsimage2p-cpe:/a:canonical:ubuntu_linux:libcupsimage2
canonicalubuntu_linuxlibcupsimage2-devp-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev
canonicalubuntu_linuxcups-bsdp-cpe:/a:canonical:ubuntu_linux:cups-bsd
canonicalubuntu_linuxcups-clientp-cpe:/a:canonical:ubuntu_linux:cups-client
canonicalubuntu_linuxcups-commonp-cpe:/a:canonical:ubuntu_linux:cups-common
canonicalubuntu_linuxcups-ppdcp-cpe:/a:canonical:ubuntu_linux:cups-ppdc
canonicalubuntu_linuxlibcups2p-cpe:/a:canonical:ubuntu_linux:libcups2
canonicalubuntu_linuxlibcups2-devp-cpe:/a:canonical:ubuntu_linux:libcups2-dev
canonicalubuntu_linuxlibcupscgi1p-cpe:/a:canonical:ubuntu_linux:libcupscgi1
Rows per page:
1-10 of 211

Related

nessus 35
openvas 23
fedora 2
mageia 1
amazon 2
osv 6
cbl_mariner 1
debian 1
ubuntucve 1
cve 1
debiancve 1
ubuntu 2
veracode 1
prion 1
redhatcve 1
alpinelinux 1
slackware 1
almalinux 2
redhat 14
oraclelinux 2
photon 2
rosalinux 1
gentoo 1
ibm 4
apple 3
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : CUPS vulnerability (USN-6184-1)
2023-06-22 00:00:00
Debian DLA-3476-1 : cups - LTS security update
2023-07-03 00:00:00
EulerOS 2.0 SP11 : cups (EulerOS-SA-2023-2856)
2024-01-16 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2616-1)
2023-06-23 00:00:00
CUPS 2.2.0 < 2.4.6 Use After Free Vulnerability
2023-08-14 00:00:00
Ubuntu: Security Advisory (USN-6184-2)
2023-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: cups-2.4.6-1.fc38
2023-06-30 01:23:27
[SECURITY] Fedora 37 Update: cups-2.4.6-1.fc37
2023-07-14 01:19:52
mageia
mageia
Updated cups packages fix security vulnerability
2023-07-07 08:54:45
amazon
amazon
Medium: cups
2023-07-05 22:01:00
Medium: cups
2023-07-05 21:44:00
osv
osv
cups - security update
2023-06-30 00:00:00
CVE-2023-34241
2023-06-22 23:15:09
cups vulnerability
2023-06-22 14:31:48
cbl_mariner
cbl_mariner
CVE-2023-34241 affecting package cups for versions less than 2.3.3op2-7
2024-04-13 08:55:39
debian
debian
[SECURITY] [DLA 3476-1] cups security update
2023-06-30 18:30:28
ubuntucve
ubuntucve
CVE-2023-34241
2023-06-22 00:00:00
cve
cve
CVE-2023-34241
2023-06-22 23:15:09
debiancve
debiancve
CVE-2023-34241
2023-06-22 23:15:09
ubuntu
ubuntu
CUPS vulnerability
2023-06-22 00:00:00
CUPS vulnerability
2023-07-17 00:00:00
veracode
veracode
Use-After-Free
2023-07-11 12:56:52
prion
prion
Design/Logic Flaw
2023-06-22 23:15:00
redhatcve
redhatcve
CVE-2023-34241
2023-06-22 11:17:06
alpinelinux
alpinelinux
CVE-2023-34241
2023-06-22 23:15:09
slackware
slackware
[slackware-security] cups
2023-06-22 19:14:03
almalinux
almalinux
Moderate: cups security and bug fix update
2023-11-07 00:00:00
Moderate: cups security and bug fix update
2023-11-14 00:00:00
redhat
redhat
(RHSA-2023:7165) Moderate: cups security and bug fix update
2023-11-14 08:46:50
(RHSA-2023:6596) Moderate: cups security and bug fix update
2023-11-07 06:09:41
(RHSA-2024:1409) Moderate: cups security update
2024-03-19 16:35:18
oraclelinux
oraclelinux
cups security and bug fix update
2023-11-11 00:00:00
cups security and bug fix update
2023-11-17 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0416
2023-06-22 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0035
2023-06-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2377
2024-03-19 12:44:17
gentoo
gentoo
CUPS: Multiple Vulnerabilities
2024-02-18 00:00:00
ibm
ibm
Security Bulletin: App Connect Enterprise Certified Container UBI updates
2024-02-02 14:30:02
Security Bulletin: Netcool Operations Insights 1.6.12 addresses multiple security vulnerabilities.
2024-04-02 11:06:22
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55
apple
apple
About the security content of macOS Big Sur 11.7.9
2023-07-24 00:00:00
About the security content of macOS Monterey 12.6.8
2023-07-24 00:00:00
About the security content of macOS Ventura 13.5
2023-07-24 00:00:00
JSON
Related for UBUNTU_USN-6184-2.NASL
nessus35openvas23fedora2mageia1amazon2osv6cbl_mariner1debian1ubuntucve1cve1debiancve1ubuntu2veracode1prion1redhatcve1alpinelinux1slackware1almalinux2redhat14oraclelinux2photon2rosalinux1gentoo1ibm4apple3