Vulnerability identifier: #VU13885
Vulnerability risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software: CUPS (Server applications / Other server solutions)
Vendor: Apple Inc.
Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to an unspecified flaw. A remote attacker can invoke the dnssd backend using an alternate name that has been hard linked to dnssd and bypass the AppArmor cupsd sandbox.
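A defender-side check for the condition described above, as an added example that is not part of the original advisory or of CUPS: it lists every other name in a backend directory that is a hard link to dnssd. The function name find_dnssd_aliases and the directory argument are assumptions; the advisory does not give a path.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a CUPS backend directory for
# alternate names that are hard links to the dnssd backend.
# The directory is supplied by the caller; the advisory does not name a path.

# find_dnssd_aliases DIR
#   Prints, one per line, each entry in DIR that is the same file as DIR/dnssd
#   (same device and inode) under a different name. Symbolic links are skipped
#   because the advisory speaks of hard links specifically.
#   Returns 2 when DIR holds no regular file named dnssd.
find_dnssd_aliases() {
    dir=$1
    target="$dir/dnssd"

    if [ ! -f "$target" ] || [ -L "$target" ]; then
        echo "no regular file named dnssd in $dir" >&2
        return 2
    fi

    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue            # glob pattern that matched nothing
        [ -L "$f" ] && continue            # symlink, not a hard link
        [ "$f" = "$target" ] && continue   # dnssd itself
        if [ "$f" -ef "$target" ]; then    # same device and inode
            basename "$f"
        fi
    done
}

# Stand-alone use: sh script.sh <backend-directory>
if [ "$#" -gt 0 ]; then
    find_dnssd_aliases "$1"
fi
```

Hard links cannot cross filesystems, but they can live in other directories on the same one, so a name found here is a starting point for review rather than a complete inventory.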
Mitigation
Update to version 2.2.1.
Vulnerable software versions
CUPS: 1.0.4 - 2.2.0
External links
http://www.debian.org/security/2018/dsa-4243
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.