Test ID:	1.3.6.1.4.1.25623.1.0.850659
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for cups (openSUSE-SU-2015:1056-1)
Summary:	The remote host is missing an update for the 'cups'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'cups' package(s) announced via the referenced advisory. Vulnerability Insight: This update fixes the following issues: - CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on server (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158 CVE-2015-1159 bugzilla.suse.com bsc#924208). In general it is crucial to limit access to CUPS to trustworthy users who do not misuse their permission to submit print jobs which means to upload arbitrary data onto the CUPS server, see the references and cf. the entries about CVE-2012-5519. Affected Software/OS: cups on openSUSE 13.1 Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5519 56494 http://www.securityfocus.com/bid/56494 APPLE-SA-2013-06-04-1 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html RHSA-2013:0580 http://rhn.redhat.com/errata/RHSA-2013-0580.html SUSE-SU-2015:1041 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html SUSE-SU-2015:1044 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html USN-1654-1 http://www.ubuntu.com/usn/USN-1654-1 [oss-security] 20121110 Privilege escalation (lpadmin -> root) in cups http://www.openwall.com/lists/oss-security/2012/11/10/5 [oss-security] 20121111 Re: Privilege escalation (lpadmin -> root) in cups http://www.openwall.com/lists/oss-security/2012/11/11/2 http://www.openwall.com/lists/oss-security/2012/11/11/5 cups-systemgroup-priv-esc(80012) https://exchange.xforce.ibmcloud.com/vulnerabilities/80012 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791 http://support.apple.com/kb/HT5784 openSUSE-SU-2015:1056 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1158 BugTraq ID: 75098 http://www.securityfocus.com/bid/75098 CERT/CC vulnerability note: VU#810572 http://www.kb.cert.org/vuls/id/810572 Debian Security Information: DSA-3283 (Google Search) http://www.debian.org/security/2015/dsa-3283 https://www.exploit-db.com/exploits/37336/ https://www.exploit-db.com/exploits/41233/ https://security.gentoo.org/glsa/201510-07 http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html https://code.google.com/p/google-security-research/issues/detail?id=455 https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py RedHat Security Advisories: RHSA-2015:1123 http://rhn.redhat.com/errata/RHSA-2015-1123.html http://www.securitytracker.com/id/1032556 SuSE Security Announcement: SUSE-SU-2015:1041 (Google Search) SuSE Security Announcement: SUSE-SU-2015:1044 (Google Search) SuSE Security Announcement: openSUSE-SU-2015:1056 (Google Search) http://www.ubuntu.com/usn/USN-2629-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1159 BugTraq ID: 75106 http://www.securityfocus.com/bid/75106
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.