Vulnerabilities > CVE-2014-2707 - OS Command Injection vulnerability in Linuxfoundation Cups-Filters
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
- Command Delimiters An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or a blacklist input validation, as opposed to whitelist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
- Exploiting Multiple Input Interpretation Layers An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
- Argument Injection An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
- OS Command Injection In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-3036.NASL description New upstream bug-fix release which fixes a security flaw in cups-browsed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-03-17 plugin id 81848 published 2015-03-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81848 title Fedora 21 : cups-filters-1.0.66-1.fc21 (2015-3036) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-3036. # include("compat.inc"); if (description) { script_id(81848); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-2707", "CVE-2015-2265"); script_xref(name:"FEDORA", value:"2015-3036"); script_name(english:"Fedora 21 : cups-filters-1.0.66-1.fc21 (2015-3036)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "New upstream bug-fix release which fixes a security flaw in cups-browsed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1199130" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151662.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?67b1f3ca" ); script_set_attribute( attribute:"solution", value:"Update the affected cups-filters package." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-filters"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"cups-filters-1.0.66-1.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-100.NASL description Updated cups-filters packages fix security vulnerabilities : Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6473). Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6474, CVE-2013-6475). Florian Weimer discovered that cups-filters did not restrict driver directories in in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6476). Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups-browsed daemon (CVE-2014-2707). In cups-filters before 1.0.53, out-of-bounds accesses in the process_browse_data function when reading the packet variable could leading to a crash, thus resulting in a denial of service (CVE-2014-4337). In cups-filters before 1.0.53, if there was only a single BrowseAllow line in cups-browsed.conf and its host specification was invalid, this was interpreted as if no BrowseAllow line had been specified, which resulted in it accepting browse packets from all hosts (CVE-2014-4338). The CVE-2014-2707 issue with malicious broadcast packets, which had been fixed in Mageia Bug 13216 (MGASA-2014-0181), had not been completely fixed by that update. A more complete fix was implemented in cups-filters 1.0.53 (CVE-2014-4336). Note that only systems that have enabled the affected feature by using the CreateIPPPrinterQueues configuration directive in /etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 / CVE-2014-4336 issue. last seen 2020-06-01 modified 2020-06-02 plugin id 82353 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82353 title Mandriva Linux Security Advisory : cups-filters (MDVSA-2015:100) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:100. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(82353); script_version("1.3"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2013-6473", "CVE-2013-6474", "CVE-2013-6475", "CVE-2013-6476", "CVE-2014-2707", "CVE-2014-4336", "CVE-2014-4337", "CVE-2014-4338"); script_xref(name:"MDVSA", value:"2015:100"); script_name(english:"Mandriva Linux Security Advisory : cups-filters (MDVSA-2015:100)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated cups-filters packages fix security vulnerabilities : Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6473). Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6474, CVE-2013-6475). Florian Weimer discovered that cups-filters did not restrict driver directories in in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6476). Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups-browsed daemon (CVE-2014-2707). In cups-filters before 1.0.53, out-of-bounds accesses in the process_browse_data function when reading the packet variable could leading to a crash, thus resulting in a denial of service (CVE-2014-4337). In cups-filters before 1.0.53, if there was only a single BrowseAllow line in cups-browsed.conf and its host specification was invalid, this was interpreted as if no BrowseAllow line had been specified, which resulted in it accepting browse packets from all hosts (CVE-2014-4338). The CVE-2014-2707 issue with malicious broadcast packets, which had been fixed in Mageia Bug 13216 (MGASA-2014-0181), had not been completely fixed by that update. A more complete fix was implemented in cups-filters 1.0.53 (CVE-2014-4336). Note that only systems that have enabled the affected feature by using the CreateIPPPrinterQueues configuration directive in /etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 / CVE-2014-4336 issue." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0170.html" ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0181.html" ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0267.html" ); script_set_attribute( attribute:"solution", value: "Update the affected cups-filters, lib64cups-filters-devel and / or lib64cups-filters1 packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups-filters-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups-filters1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"cups-filters-1.0.53-1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64cups-filters-devel-1.0.53-1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64cups-filters1-1.0.53-1.mbs2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-492.NASL description cups-filters was updated to fix three security issues. These security issues were fixed : - CVE-2015-2265: The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allowed remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707 (bsc#921753). - CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018). - CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281). last seen 2020-06-05 modified 2015-07-15 plugin id 84756 published 2015-07-15 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84756 title openSUSE Security Update : cups-filters (openSUSE-2015-492) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-492. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(84756); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-2707", "CVE-2015-2265", "CVE-2015-3258", "CVE-2015-3279"); script_name(english:"openSUSE Security Update : cups-filters (openSUSE-2015-492)"); script_summary(english:"Check for the openSUSE-2015-492 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "cups-filters was updated to fix three security issues. These security issues were fixed : - CVE-2015-2265: The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allowed remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707 (bsc#921753). - CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018). - CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=921753" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=936281" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=937018" ); script_set_attribute( attribute:"solution", value:"Update the affected cups-filters packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-cups-browsed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-cups-browsed-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-foomatic-rip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-foomatic-rip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cups-filters-ghostscript-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-cups-browsed-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-cups-browsed-debuginfo-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-debuginfo-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-debugsource-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-devel-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-foomatic-rip-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-foomatic-rip-debuginfo-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-ghostscript-1.0.58-2.7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"cups-filters-ghostscript-debuginfo-1.0.58-2.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups-filters / cups-filters-cups-browsed / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2014-5765.NASL description This update fixes two flaws and various bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-05-06 plugin id 73877 published 2014-05-06 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73877 title Fedora 20 : cups-filters-1.0.53-1.fc20 (2014-5765) NASL family Fedora Local Security Checks NASL id FEDORA_2014-4708.NASL description Update fixes remote command injection vulnerability in cups-browsed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-16 plugin id 73539 published 2014-04-16 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73539 title Fedora 20 : cups-filters-1.0.41-6.fc20 (2014-4708) NASL family Fedora Local Security Checks NASL id FEDORA_2014-5759.NASL description This update fixes two flaws and various bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-06-10 plugin id 74382 published 2014-06-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74382 title Fedora 19 : cups-filters-1.0.53-2.fc19 (2014-5759) NASL family Fedora Local Security Checks NASL id FEDORA_2015-2949.NASL description New upstream bug-fix release which fixes a security flaw in cups-browsed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-03-17 plugin id 81844 published 2015-03-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81844 title Fedora 22 : cups-filters-1.0.66-1.fc22 (2015-2949) NASL family Fedora Local Security Checks NASL id FEDORA_2015-3003.NASL description This fixes a security flaw in cups-browsed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-03-17 plugin id 81846 published 2015-03-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81846 title Fedora 20 : cups-filters-1.0.53-6.fc20 (2015-3003) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2210-1.NASL description Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. (CVE-2014-2707) Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow directives. This could cause it to accept browse packets from all hosts, contrary to intended configuration. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 73941 published 2014-05-09 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73941 title Ubuntu 14.04 LTS : cups-filters vulnerability (USN-2210-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-16.NASL description The remote host is affected by the vulnerability described in GLSA-201406-16 (cups-filters: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cups-filters. Please review the CVE identifiers referenced below for more details about the vulnerabilities. Impact : A remote attacker(s) could possibly execute arbitrary code utilizing multiple attack vectors, or a local attacker could gain escalated privileges via a specially crafted shared library. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76084 published 2014-06-17 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76084 title GLSA-201406-16 : cups-filters: Multiple vulnerabilities
Seebug
| bulletinFamily | exploit |
| description | CVE ID:CVE-2014-2707 CUPS是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 cups-filters cups-browsed没有正确过滤打印机名和PDL的输入,允许攻击者利用漏洞提交恶意请求注入和执行任意shell命令。 0 cups-filters 1.x cups-filters 1.0.51版本已修复该漏洞,建议用户下载使用: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS |
| id | SSV:62206 |
| last seen | 2017-11-19 |
| modified | 2014-04-17 |
| published | 2014-04-17 |
| reporter | Root |
| title | cups-filters cups-browsed OS命令注入漏洞 |
References
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html
- http://seclists.org/oss-sec/2014/q2/13
- http://secunia.com/advisories/57530
- http://www.ubuntu.com/usn/USN-2210-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1083326