CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4300 – cups: Session cookie generated by the CUPS web interface is easy to guess
https://notcve.org/view.php?id=CVE-2018-4300
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. La cookie de sesión generada por la interfaz web de CUPS era fácil de adivinar en Linux, permitiendo un acceso de script no autorizado a la interfaz web cuando está deshabilitada. Este problema afectaba a las versiones anteriores a la v2.2.10. • http://www.securityfocus.com/bid/107785 https://github.com/apple/cups/releases/tag/v2.2.10 https://lists.debian.org/debian-lts-announce/2019/09/msg00028.html https://access.redhat.com/security/cve/CVE-2018-4300 https://bugzilla.redhat.com/show_bug.cgi?id=1695929 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 2CVE-2017-18248
https://notcve.org/view.php?id=CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. La función add_job en scheduler/ipp.c en CUPS, en versiones anteriores a la 2.2.6, cuando un soporte D-Bus está habilitado, podría experimentar un cierre inesperado llevado a cabo por atacantes remotos mediante el envío de tareas de impresión con un nombre de usuario no válido. Esto está relacionado con una notificación D-Bus. • https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3 https://github.com/apple/cups/issues/5143 https://github.com/apple/cups/releases/tag/v2.2.6 https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html https://security.cucumberlinux.com/security/details.php?id=346 https://usn.ubuntu.com/3713-1 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18190 – cups: DNS rebinding attacks via incorrect whitelist
https://notcve.org/view.php?id=CVE-2017-18190
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). Una entrada en la lista blanca localhost.localdomain en valid_host() en scheduler/client.c en CUPS, en versiones anteriores a la 2.2.2, permite que atacantes remotos ejecuten comandos IPP arbitrarios mediante el envío de peticiones POST al demonio CUPS junto con reenlaces DNS. El nombre localhost.localdomain suele resolverse mediante un servidor DNS (ni el sistema operativo ni el navegador web son responsables de garantizar que localhost.localdomain sea 127.0.0.1). • https://bugs.chromium.org/p/project-zero/issues/detail?id=1048 https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html https://usn.ubuntu.com/3577-1 https://access.redhat.com/security/cve/CVE-2017-18190 https://bugzilla.redhat.com/show_bug.cgi?id=1546395 • CWE-284: Improper Access Control CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8166
https://notcve.org/view.php?id=CVE-2014-8166
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. La característica de navegación en el servidor en CUPS no filtra secuencias de escape ANSI de nombres de impresora compartidos, lo que podría permitir que atacantes remotos ejecuten código arbitrario mediante un nombre de impresora manipulado. • http://www.openwall.com/lists/oss-security/2015/03/24/15 http://www.openwall.com/lists/oss-security/2015/03/24/2 http://www.securityfocus.com/bid/73300 https://bugzilla.redhat.com/show_bug.cgi?id=1084577 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 91%CPEs: 1EXPL: 2CVE-2015-1158 – CUPS < 2.0.3 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-1158
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. La función add_job en scheduler/ipp.c en cupsd en CUPS anterior a 2.0.3 realiza incorrectamente las operaciones libres para los atributos de los nombres de anfitriones que originan trabajos de múltiples valores, lo que permite a atacantes remotos provocar la corrupción de datos para las cadenas de referencias contadas a través de una solicitud (1) IPP_CREATE_JOB o (2) IPP_PRINT_JOB manipulada, tal y como fue demostrado mediante el remplazo del fichero de configuración y como consecuencia la ejecución de código arbitrario. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker could submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allowed the attacker to run arbitrary code on the CUPS server. CUPS versions prior to 2.0.3 suffers from improper teardown and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/41233 https://www.exploit-db.com/exploits/37336 http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html http://rhn.redhat.com/errata/RHSA- • CWE-254: 7PK - Security Features •