CVE-2015-1158 – CUPS < 2.0.3 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-1158
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. La función add_job en scheduler/ipp.c en cupsd en CUPS anterior a 2.0.3 realiza incorrectamente las operaciones libres para los atributos de los nombres de anfitriones que originan trabajos de múltiples valores, lo que permite a atacantes remotos provocar la corrupción de datos para las cadenas de referencias contadas a través de una solicitud (1) IPP_CREATE_JOB o (2) IPP_PRINT_JOB manipulada, tal y como fue demostrado mediante el remplazo del fichero de configuración y como consecuencia la ejecución de código arbitrario. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker could submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allowed the attacker to run arbitrary code on the CUPS server. CUPS versions prior to 2.0.3 suffers from improper teardown and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/41233 https://www.exploit-db.com/exploits/37336 http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html http://rhn.redhat.com/errata/RHSA- • CWE-254: 7PK - Security Features •
CVE-2015-1159 – cups: cross-site scripting flaw in CUPS web UI (VU#810572)
https://notcve.org/view.php?id=CVE-2015-1159
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. Vulnerabilidad de XSS en la función cgi_puts en cgi-bin/template.c en el motor de plantillas en CUPS anterior a 2.0.3 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro QUERY en help/. A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. CUPS versions prior to 2.0.3 suffers from improper teardown and cross site scripting vulnerabilities. • http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html http://rhn.redhat.com/errata/RHSA-2015-1123.html http://www.cups.org/blog.php?L1082 http://www.debian.org/security/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-9679 – cups: cupsRasterReadPixels buffer overflow
https://notcve.org/view.php?id=CVE-2014-9679
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Desbordamiento de enteros en la función cupsRasterReadPixels en filter/raster.c en CUPS anterior a 2.0.2 permite a atacantes remotos tener un impacto no especificado a través de un fichero de raster comprimido malformado, lo que provoca un desbordamiento de buffer. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash. • http://advisories.mageia.org/MGASA-2015-0067.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150171.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150177.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00098.html http://rhn.redhat.com/errata/RHSA-2015-1123.html http://www.debian.org/security/2015/dsa-3172 http://www.mandriva.com/security/advisories?name=MDVSA-2015:049 http://www.mandriva.com/security/advisories?name=MDVSA-201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-5030 – cups: allows local users to read arbitrary files via a symlink attack
https://notcve.org/view.php?id=CVE-2014-5030
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. CUPS anterior a 2.0 permite a usuarios locales leer ficheros arbitrarios a través de un ataque de enlace simbólico sobre (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc o (6) index.py. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. • http://advisories.mageia.org/MGASA-2014-0313.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/60509 http://secunia.com/advisories/60787 http://www.debian.org/security/2014/dsa-2990 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/07/22/13 http://www.openwall.com/lists/oss-security/2014/07/22/2 http://www.ubuntu.com/usn/USN-2341-1 https://cups.org/str.php • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2014-5031 – cups: world-readable permissions
https://notcve.org/view.php?id=CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. La interfaz web en CUPS anterior a 2.0 no comprueba que los ficheros tienen permisos de lectura universal, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. • http://advisories.mageia.org/MGASA-2014-0313.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/60509 http://secunia.com/advisories/60787 http://www.debian.org/security/2014/dsa-2990 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/07/22/13 http://www.openwall.com/lists/oss-security/2014/07/22/2 http://www.ubuntu.com/usn/USN-2341-1 https://cups.org/str.php • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-264: Permissions, Privileges, and Access Controls •