Permissions, Privileges, and Access Controls in Apple CUPS

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU43321

Risk: High

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2012-5519

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Mitigation

Install update from vendor's website.

Vulnerable software versions

CUPS: 1.4.4

CPE2.3

• cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*

External links

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791
https://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
https://rhn.redhat.com/errata/RHSA-2013-0580.html
https://support.apple.com/kb/HT5784
https://www.openwall.com/lists/oss-security/2012/11/10/5
https://www.openwall.com/lists/oss-security/2012/11/11/2
https://www.openwall.com/lists/oss-security/2012/11/11/5
https://www.securityfocus.com/bid/56494
https://www.ubuntu.com/usn/USN-1654-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/80012

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.