CVE-2021-25317 – cups: ownership of /var/log/cups allows the lp user to create files as root
https://notcve.org/view.php?id=CVE-2021-25317
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de cups de SUSE Linux Enterprise Server versión 11-SP4-LTSS, SUSE Manager Server versión 4.0, SUSE OpenStack Cloud Crowbar versión 9; openSUSE Leap versión 15.2, Factory permite a atacantes locales con control de los usuarios lp crear archivos como root con permisos 0644 sin la capacidad de configurar el contenido. • https://bugzilla.suse.com/show_bug.cgi?id=1184161 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47 • CWE-276: Incorrect Default Permissions •
CVE-2018-4300 – cups: Session cookie generated by the CUPS web interface is easy to guess
https://notcve.org/view.php?id=CVE-2018-4300
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. La cookie de sesión generada por la interfaz web de CUPS era fácil de adivinar en Linux, permitiendo un acceso de script no autorizado a la interfaz web cuando está deshabilitada. Este problema afectaba a las versiones anteriores a la v2.2.10. • http://www.securityfocus.com/bid/107785 https://github.com/apple/cups/releases/tag/v2.2.10 https://lists.debian.org/debian-lts-announce/2019/09/msg00028.html https://access.redhat.com/security/cve/CVE-2018-4300 https://bugzilla.redhat.com/show_bug.cgi?id=1695929 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVE-2017-18248
https://notcve.org/view.php?id=CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. La función add_job en scheduler/ipp.c en CUPS, en versiones anteriores a la 2.2.6, cuando un soporte D-Bus está habilitado, podría experimentar un cierre inesperado llevado a cabo por atacantes remotos mediante el envío de tareas de impresión con un nombre de usuario no válido. Esto está relacionado con una notificación D-Bus. • https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3 https://github.com/apple/cups/issues/5143 https://github.com/apple/cups/releases/tag/v2.2.6 https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html https://security.cucumberlinux.com/security/details.php?id=346 https://usn.ubuntu.com/3713-1 • CWE-20: Improper Input Validation •
CVE-2017-18190 – cups: DNS rebinding attacks via incorrect whitelist
https://notcve.org/view.php?id=CVE-2017-18190
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). Una entrada en la lista blanca localhost.localdomain en valid_host() en scheduler/client.c en CUPS, en versiones anteriores a la 2.2.2, permite que atacantes remotos ejecuten comandos IPP arbitrarios mediante el envío de peticiones POST al demonio CUPS junto con reenlaces DNS. El nombre localhost.localdomain suele resolverse mediante un servidor DNS (ni el sistema operativo ni el navegador web son responsables de garantizar que localhost.localdomain sea 127.0.0.1). • https://bugs.chromium.org/p/project-zero/issues/detail?id=1048 https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html https://usn.ubuntu.com/3577-1 https://access.redhat.com/security/cve/CVE-2017-18190 https://bugzilla.redhat.com/show_bug.cgi?id=1546395 • CWE-284: Improper Access Control CWE-290: Authentication Bypass by Spoofing •