[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4243-1 cups -- cups

ID: oval:org.secpod.oval:def:603450Date: (C)2018-07-16   (M)2023-12-20
Class: PATCHFamily: unix




Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids: CVE-2017-15400 Rory McNamara discovered that an attacker is able to execute arbitrary commands by setting a malicious IPP server with a crafted PPD file. CVE-2018-4180 Dan Bastone of Gotham Digital Science discovered that a local attacker with access to cupsctl could escalate privileges by setting an environment variable. CVE-2018-4181 Eric Rafaloff and John Dunlap of Gotham Digital Science discovered that a local attacker can perform limited reads of arbitrary files as root by manipulating cupsd.conf. CVE-2018-4182 Dan Bastone of Gotham Digital Science discovered that an attacker with sandboxed root access can execute backends without a sandbox profile by provoking an error in CUPS" profile creation. CVE-2018-4183 Dan Bastone and Eric Rafaloff of Gotham Digital Science discovered that an attacker with sandboxed root access can execute arbitrary commands as unsandboxed root by modifying /etc/cups/cups-files.conf CVE-2018-6553 Dan Bastone of Gotham Digital Science discovered that an attacker can bypass the AppArmor cupsd sandbox by invoking the dnssd backend using an alternate name that has been hard linked to dnssd.

Platform:
Debian 9.x
Product:
libcupscgi1
libcupsimage2
libcupsmime1
libcups2
libcupsppdc1
cups
Reference:
DSA-4243-1
CVE-2017-15400
CVE-2018-4180
CVE-2018-4181
CVE-2018-4182
CVE-2018-4183
CVE-2018-6553
CVE    6
CVE-2017-15400
CVE-2018-6553
CVE-2018-4182
CVE-2018-4183
...
CPE    4
cpe:/o:debian:debian_linux:9.0
cpe:/a:cups:cups
cpe:/o:debian:debian_linux:9.x
cpe:/o:debian:debian_linux:8.0
...

© SecPod Technologies