CVE-2012-6094
Mandriva Linux Security Advisory 2013-034
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
La opción "Listen localhost:631" de cups (Common Unix Printing System) no acepto correctamente, que podría proporcionar acceso no autorizado al sistema.
During the process of CUPS socket activation code refactoring in favour of systemd capability a security flaw was found in the way CUPS service honored Listen localhost:631 cupsd.conf configuration option. The setting was recognized properly for IPv4-enabled systems, but failed to be correctly applied for IPv6-enabled systems. As a result, a remote attacker could use this flaw to obtain access to the CUPS web-based administration interface.The fix for now is to not enable IP-based systemd socket activation by default. This update adds a patch to correct printing problems with some USB connected printers in cups 1.5.4. Further, this update should correct possible printing problems with the following printers since the update to cups 1.5.4. Canon, Inc. PIXMA iP4200 Canon, Inc. PIXMA iP4300 Canon, Inc. MP500 Canon, Inc. MP510 Canon, Inc. MP550 Canon, Inc. MP560 Brother Industries, Ltd, HL-1430 Laser Printer Brother Industries, Ltd, HL-1440 Laser Printer Oki Data Corp. Okipage 14ex Printer Oki Data Corp. B410d Xerox Phaser 3124 All Zebra devices Additionally, patches have been added to fix printing from newer apple devices and to correct an error in the \%post script which prevented the cups service from starting when freshly installed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-12-06 CVE Reserved
- 2013-04-05 CVE Published
- 2024-08-06 CVE Updated
- 2025-06-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/01/04/5 | Mailing List |
|
| http://www.securityfocus.com/bid/57158 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6094 | Issue Tracking | |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6094 | Issue Tracking | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82451 | Third Party Advisory | |
| https://security-tracker.debian.org/tracker/CVE-2012-6094 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/cve-2012-6094 | 2020-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | < 1.5.4-1.1 Search vendor "Apple" for product "Cups" and version " < 1.5.4-1.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||