CUPS Multiple Vulnerabilities Fixed by 2.0.3


Description

Several vulnerabilities were reported in the CUPS printing system:

- CVE-2015-1158: improper parsing of print job requests. A remote attacker can exploit it by sending specially crafted requests to bypass the ACLs protecting privileged operations and upload a replacement configuration file, in order to execute arbitrary code with high privileges.
- CVE-2015-1159: cross-site scripting in the "QUERY" parameter of the web interface help page (/help). A remote attacker can exploit it by enticing a victim into following a specially crafted link, in order to execute arbitrary JavaScript code.
- Infinite loop triggered by sending a specially crafted gzip file.

The cups-base packages provided by FreeBSD are vulnerable.

Updated, 22/06/2015:
Proofs of concept for the two vulnerabilities (CVE-2015-1158 and CVE-2015-1159) are available.

Updated, 03/02/2017:
Exploit code is available for the CVE-2015-1158 vulnerability.
     
Vulnerable Products

Vulnerable OS:
CentOS (Red Hat) - 6, 7
Enterprise Linux 6 (Red Hat) - Desktop, HPC Node, Server, Workstation
Enterprise Linux 7 (Red Hat) - Desktop, HPC Node, Server, Workstation
Fedora (Red Hat) - 21, 22
FreeBSD (FreeBSD) - All
GNU/Linux (Debian) - 6, 7, 8
Linux Enterprise Desktop (SUSE) - 11 SP3, 12
Linux Enterprise Server (SUSE) - 11 SP3, 11 SP3 SDK, 12, 12 SDK
Linux Server (Oracle) - 6, 7
openSUSE (SUSE) - 13.1, 13.2
Ubuntu Linux (Ubuntu) - 12.04 LTS, 14.04 LTS, 14.10, 15.04

Vulnerable Software:
CUPS (Apple) - 1.2.x, 1.3.1, 1.3.10, 1.3.2, 1.3.3, ..., 1.7.4, 2.0, 2.0.1, 2.0.2, 2.0.3
     
Solution   Fixed cups packages for Fedora 21 and 22 are available.
     
CVE   CVE-2015-1159
CVE-2015-1158
     
References  
     
Vulnerability Manager Detection   No
     
IPS Protection  
| ASQ Engine alarm | Available Since |
| --- | --- |
| XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0 |
| XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0 |
| XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0 |
| XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0 |
| XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0 |
| XSS - Prevention - GET : javascript code found in URL | 3.2.0 |
| XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0 |
| XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0 |
| XSS - Prevention - GET : 'script' tag found in URL | 3.2.0 |
| XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0 |
| XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0 |
     


 
 
 
 
Risk level   High

Vulnerability First Public Report Date   2015-06-09

Target Type   Server

Possible exploit   Remote