CUPS < 1.1.23 Multiple Vulnerabilities

Published: 2005-11-03 13:08:04
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Recommendations:
Upgrade to CUPS 1.1.23 or later.

Summary:
The remote host is running a CUPS server whose version number is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to multiple vulnerabilities : - The is_path_absolute function in scheduler/client.c for the daemon in CUPS allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a '..\..' URL in an HTTP request. - A remotely exploitable buffer overflow in the 'hpgltops' filter that enable specially crafted HPGL files can execute arbitrary commands as the CUPS 'lp' account. - A local user may be able to prevent anyone from changing his or her password until a temporary copy of the new password file is cleaned up ('lppasswd' flaw). - A local user may be able to add arbitrary content to the password file by closing the stderr file descriptor while running lppasswd (lppasswd flaw). - A local attacker may be able to truncate the CUPS password file, thereby denying service to valid clients using digest authentication. (lppasswd flaw). - The application applies ACLs to incoming print jobs in a case-sensitive fashion. Thus, an attacker can bypass restrictions by changing the case in printer names when submitting jobs. [Fixed in 1.1.21.]

Solution Type:
Vendor Patch

Detection Type:
Remote Banner Unreliable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2004-1267
https://nvd.nist.gov/vuln/detail/CVE-2004-1268
https://nvd.nist.gov/vuln/detail/CVE-2004-1269
https://nvd.nist.gov/vuln/detail/CVE-2004-1270
https://nvd.nist.gov/vuln/detail/CVE-2005-2874

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/11968
https://www.securityfocus.com/bid/12004
https://www.securityfocus.com/bid/12005
https://www.securityfocus.com/bid/12007
https://www.securityfocus.com/bid/12200
https://www.securityfocus.com/bid/14265

References:

http://www.cups.org/str.php?L700
http://www.cups.org/str.php?L1024
http://www.cups.org/str.php?L1023
http://www.cups.org/str.php?L1042

Search
Severity
Medium
CVSS Score
6.5

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.