OVAL

DSA-4243-1 cups -- cups

ID: oval:org.secpod.oval:def:603450
Date: (C)2018-07-16   (M)2018-10-10
Class: PATCH
Family: unix




Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids:

CVE-2017-15400: Rory McNamara discovered that an attacker is able to execute arbitrary commands by setting a malicious IPP server with a crafted PPD file.

CVE-2018-4180: Dan Bastone of Gotham Digital Science discovered that a local attacker with access to cupsctl could escalate privileges by setting an environment variable.

CVE-2018-4181: Eric Rafaloff and John Dunlap of Gotham Digital Science discovered that a local attacker can perform limited reads of arbitrary files as root by manipulating cupsd.conf.

CVE-2018-4182: Dan Bastone of Gotham Digital Science discovered that an attacker with sandboxed root access can execute backends without a sandbox profile by provoking an error in CUPS' profile creation.

CVE-2018-4183: Dan Bastone and Eric Rafaloff of Gotham Digital Science discovered that an attacker with sandboxed root access can execute arbitrary commands as unsandboxed root by modifying /etc/cups/cups-files.conf.

CVE-2018-6553: Dan Bastone of Gotham Digital Science discovered that an attacker can bypass the AppArmor cupsd sandbox by invoking the dnssd backend using an alternate name that has been hard linked to dnssd.

Platform:
Debian 9.x
Product:
cups
Reference:
DSA-4243-1
CVE-2017-15400
CVE-2018-4180
CVE-2018-4181
CVE-2018-4182
CVE-2018-4183
CVE-2018-6553
CVE    2
CVE-2017-15400
CVE-2018-6553
CPE    253
cpe:/o:google:chrome_os:20.0.1132.7
cpe:/o:google:chrome_os:21.0.1180.35
cpe:/o:google:chrome_os:20.0.1132.8
cpe:/o:google:chrome_os:21.0.1180.34
...

© SecPod Technologies