Debian update for cups

1) Command injection

EUVDB-ID: #VU13880

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15400

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to command injection. A remote unauthenticated attacker can set a malicious IPP server with a crafted PPD file, inject and execute arbitrary commands with the privilege of the CUPS daemon.

Mitigation

Update the affected package to version: 2.2.1-8+deb9u2

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4243

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU13881

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4180

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to unspecified flaw. A local attacker with access to cupsctl can set an environment variable and gain elevated privileges.

Mitigation

Update the affected package to version: 2.2.1-8+deb9u2

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4243

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU13882

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4181

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to unspecified flaw. A local attacker can manipulate cupsd.conf and read arbitrary files with root privileges.

Mitigation

Update the affected package to version: 2.2.1-8+deb9u2

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4243

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU13883

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4182

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to an error in CUPS' profile creation. A remote attacker with sandboxed root access can bypass security restrictions and execute backends without a sandbox profile.

Mitigation

Update the affected package to version: 2.2.1-8+deb9u2

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4243

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Command injection

EUVDB-ID: #VU13884

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4183

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to command injection. A remote attacker with sandboxed root access can modify /etc/cups/cups-files.conf, inject and execute arbitrary commands as unsandboxed root.

Mitigation

Update the affected package to version: 2.2.1-8+deb9u2

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4243

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU13885

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6553

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to unspecified flaw. A remote attacker can invoke the dnssd backend using an alternate name that has been hard linked to dnssd and bypass the AppArmor cupsd sandbox

Mitigation

Update the affected package to version: 2.2.1-8+deb9u2

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4243

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.