CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.0%
CUPS implements the Internet Printing Protocol (IPP) for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error.
CWE-911**: Improper Update of Reference Count -**CVE-2015-1158
An issue with how localized strings are handled in cupsd
allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap. The dangling pointer causes ACL verification to fail when parsing 'admin/conf'
and ``'admin'
ACLs. The ACL handling failure results in unrestricted access to privileged operations, allowing an unauthenticated remote user to upload a replacement CUPS configuration file and mount further attacks.
This vulnerability was introduced in CUPS 1.2.0, released in 2006. All major versions of CUPS from 1.2 to 2.0 are vulnerable. This vulnerability is exploitable by default and without any special permissions other than the ability to send a print job request.
CWE-79**: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) -**CVE-2015-1159
A cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web._ _In certain cases, the CGI template can echo user input to file rather than escaping the text first. This may be used to set up a reflected XSS attack in the QUERY parameter of the web interface help page. By default, many linux distributions run with the web interface activated; OS X has the web interface deactivated by default.
The CVSS score below is based on CVE-2015-1158.
CVE-2015-1158 may allow a remote unauthenticated attacker access to privileged operations on the CUPS server. CVE-2015-1159 may allow an attacker to execute arbitrary javascript in a user’s browser.
Apply an update
A patch addressing these issues has been released for all supported versions of CUPS. For the version 2.0 branch (the latest release), 2.0.3 contains the patch. Affected users are encouraged to update as soon as possible.
810572
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 06, 2015 Updated: May 08, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 08, 2015 Updated: June 10, 2015
Statement Date: June 10, 2015
Affected
We have not received a statement from the vendor.
FreeBSD ships with CUPS in ports tree and was therefore affected.
An update was done on Jun 9 22:15:48 2015 UTC (r389006).
Notified: May 08, 2015 Updated: June 10, 2015
Statement Date: June 10, 2015
Affected
We have not received a statement from the vendor.
SLE 12 is affected and will receive an update soon.
SLE 11 is affected and will receive an update soon.
Notified: May 08, 2015 Updated: June 10, 2015
Statement Date: June 10, 2015
Affected
We have not received a statement from the vendor.
openSUSE 13.1 and 13.2 are affected and will receive updates soon.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
Notified: May 08, 2015 Updated: May 08, 2015
Unknown
We have not received a statement from the vendor.
View all 32 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.3 | E:POC/RL:OF/RC:C |
Environmental | 5.5 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-1158, CVE-2015-1159 |
---|---|
Date Public: | 2015-06-08 Date First Published: |