| Description: | Summary:
CUPS is prone to multiple vulnerabilities.
Vulnerability Insight:
The following flaws exist:
- The is_path_absolute function in scheduler/client.c for the daemon in CUPS allows remote
attackers to cause a denial of service (CPU consumption by tight loop) via a '..\..' URL in an
HTTP request.
- A remotely exploitable buffer overflow in the 'hpgltops' filter that enable specially crafted
HPGL files can execute arbitrary commands as the CUPS 'lp' account.
- A local user may be able to prevent anyone from changing his or her password until a temporary
copy of the new password file is cleaned up ('lppasswd' flaw).
- A local user may be able to add arbitrary content to the password file by closing the stderr
file descriptor while running lppasswd (lppasswd flaw).
- A local attacker may be able to truncate the CUPS password file, thereby denying service to
valid clients using digest authentication. (lppasswd flaw).
- The application applies ACLs to incoming print jobs in a case-sensitive fashion. Thus, an
attacker can bypass restrictions by changing the case in printer names when submitting jobs.
[Fixed in 1.1.21.]
Affected Software/OS:
CUPS version 1.0.4 through 1.1.22.
Solution:
Update to version 1.1.23 or later.
CVSS Score:
6.5
CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
