SecurityTracker.com

SecurityTracker Archives

Category:   Application (Generic)  >   CUPS Vendors:   Easy Software Products
(CentOS Issues Fix) CUPS Bugs Let Remote Users Gain Elevated Privileges and Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1032641
SecurityTracker URL:  http://securitytracker.com/id/1032641
CVE Reference:   CVE-2015-1158, CVE-2015-1159
Date:  Jun 18 2015
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.0.3
Description:   Two vulnerabilities were reported in CUPS. A remote user can gain elevated privileges on the target system. A remote user can conduct cross-site scripting attacks.

A remote user can send specially crafted localized strings to cause the 'admin/conf' and 'admin' access control lists to fail, granting the remote user full control of the target system [CVE-2015-1158]. Versions 1.2.0 and later are affected.

The CUPS templating engine does not properly filter HTML code from user-supplied input before displaying the input [CVE-2015-1159]. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the CUPS web interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The original advisory is available at:

https://www.kb.cert.org/vuls/id/810572

Google reported this vulnerability.

Impact:   A remote user can gain full control of the target system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the CUPS web interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   CentOS has issued a fix.

i386:
66ec9a6b8eae38c42730cfe9bc7bc692f3f09a833edd36f19c5358fef55e3d38 cups-1.4.2-67.el6_6.1.i686.rpm
d8828f29adc025acc0fbb338f6dddbcbe0802749eed42b15d972592ab53c0b6d cups-devel-1.4.2-67.el6_6.1.i686.rpm
3322ec2e7dffe6fbc9c45b4868cf680604f10059dc7a3cb4d0bb10f3d6e5e3a3 cups-libs-1.4.2-67.el6_6.1.i686.rpm
8e2764b166884672cbbeab1c5b93ca301f57144fc29ee641d9b5175d5104cdf2 cups-lpd-1.4.2-67.el6_6.1.i686.rpm
2bd30d9e1e6891dec1ae2b18ffa709c3b0e0c28e51cd1f3d5a07171f0ccc6bb5 cups-php-1.4.2-67.el6_6.1.i686.rpm

x86_64:
34abf99f7ef817dfdd2000581dd00a6a0e58a971a7b0ab4f01e3d2b6d782c4bc cups-1.4.2-67.el6_6.1.x86_64.rpm
d8828f29adc025acc0fbb338f6dddbcbe0802749eed42b15d972592ab53c0b6d cups-devel-1.4.2-67.el6_6.1.i686.rpm
bce9e461adf875feb74a5b9bf273e0d6d4471fe3968d544987296761cec1a840 cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
3322ec2e7dffe6fbc9c45b4868cf680604f10059dc7a3cb4d0bb10f3d6e5e3a3 cups-libs-1.4.2-67.el6_6.1.i686.rpm
b6da7e01721b2ce11affe423d77de600ffedb9f6499399a7f23102705d4dfbf2 cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
d24718b3355681f4feec4378bb6c20e304cebe822d62af818acd6d24cf21a5e2 cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm
c3f21692061194bb7c2884659ad1ebc341d829d820a70748e1f35d243272700f cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Source:
232eea3a52f7b16c040c3e8dec51ff3ff9727439bb6aebc414f93cbed320ce24 cups-1.4.2-67.el6_6.1.src.rpm
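The advisory publishes the update as a list of "sha256sum Filename" pairs, so the practical check before installing from a mirror is to confirm each downloaded RPM matches its listed digest. The script below is an added example, not part of the SecurityTracker page or the CentOS advisory. It parses manifest text pasted from the advisory (tolerating the section headings, single- or double-space separators, and the i686 packages that the x86_64 section repeats), hashes the files in a download directory, and reports each entry as ok, mismatch, or missing. The digests in SAMPLE_MANIFEST are copied from the list above; the files built by build_demo_dir() are constructed for the demonstration.

```python
"""Verify downloaded update RPMs against an advisory's sha256 manifest (added example)."""
import hashlib
import os
import re
import sys
import tempfile

# Manifest lines copied from the advisory above; headings and blank lines are
# left in deliberately so the parser has to skip them.
SAMPLE_MANIFEST = """\
i386:
66ec9a6b8eae38c42730cfe9bc7bc692f3f09a833edd36f19c5358fef55e3d38 cups-1.4.2-67.el6_6.1.i686.rpm
d8828f29adc025acc0fbb338f6dddbcbe0802749eed42b15d972592ab53c0b6d cups-devel-1.4.2-67.el6_6.1.i686.rpm
3322ec2e7dffe6fbc9c45b4868cf680604f10059dc7a3cb4d0bb10f3d6e5e3a3 cups-libs-1.4.2-67.el6_6.1.i686.rpm
8e2764b166884672cbbeab1c5b93ca301f57144fc29ee641d9b5175d5104cdf2 cups-lpd-1.4.2-67.el6_6.1.i686.rpm
2bd30d9e1e6891dec1ae2b18ffa709c3b0e0c28e51cd1f3d5a07171f0ccc6bb5 cups-php-1.4.2-67.el6_6.1.i686.rpm

x86_64:
34abf99f7ef817dfdd2000581dd00a6a0e58a971a7b0ab4f01e3d2b6d782c4bc  cups-1.4.2-67.el6_6.1.x86_64.rpm
d8828f29adc025acc0fbb338f6dddbcbe0802749eed42b15d972592ab53c0b6d  cups-devel-1.4.2-67.el6_6.1.i686.rpm
bce9e461adf875feb74a5b9bf273e0d6d4471fe3968d544987296761cec1a840  cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
3322ec2e7dffe6fbc9c45b4868cf680604f10059dc7a3cb4d0bb10f3d6e5e3a3  cups-libs-1.4.2-67.el6_6.1.i686.rpm
b6da7e01721b2ce11affe423d77de600ffedb9f6499399a7f23102705d4dfbf2  cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
d24718b3355681f4feec4378bb6c20e304cebe822d62af818acd6d24cf21a5e2  cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm
c3f21692061194bb7c2884659ad1ebc341d829d820a70748e1f35d243272700f  cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Source:
232eea3a52f7b16c040c3e8dec51ff3ff9727439bb6aebc414f93cbed320ce24  cups-1.4.2-67.el6_6.1.src.rpm
"""

# A manifest line: 64 hex digits, whitespace, optional sha256sum "*" binary
# marker, then the filename.  Anything else (headings, prose) is ignored.
_ENTRY = re.compile(r"^\s*([0-9a-fA-F]{64})\s+\*?(\S+)\s*$")


def parse_manifest(text):
    """Return {filename: sha256hex}.  The same file may be listed twice (the
    advisory repeats i686 packages under x86_64); a repeat with a different
    digest is treated as a corrupted manifest and raises ValueError."""
    entries = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue
        digest, name = m.group(1).lower(), m.group(2)
        if name in entries and entries[name] != digest:
            raise ValueError("conflicting digests for %s" % name)
        entries[name] = digest
    return entries


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large RPMs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_directory(manifest, directory):
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every manifest entry."""
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_of(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def all_verified(results):
    """True only when every listed file is present and matches."""
    return bool(results) and all(v == "ok" for v in results.values())


def build_demo_dir():
    """Constructed demo input: one good file, one altered file, one absent file.
    Returns (manifest, directory)."""
    directory = tempfile.mkdtemp(prefix="rpmcheck-")
    good = b"constructed stand-in for an RPM payload"
    with open(os.path.join(directory, "good.rpm"), "wb") as f:
        f.write(good)
    with open(os.path.join(directory, "altered.rpm"), "wb") as f:
        f.write(good + b"\x00")  # one extra byte: the digest no longer matches
    digest = hashlib.sha256(good).hexdigest()
    manifest = {"good.rpm": digest, "altered.rpm": digest, "absent.rpm": "0" * 64}
    return manifest, directory


if __name__ == "__main__":
    # Usage: python rpmcheck.py <manifest.txt> <download-dir>
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as fh:
            manifest = parse_manifest(fh.read())
        results = verify_directory(manifest, sys.argv[2])
    else:
        manifest, directory = build_demo_dir()
        results = verify_directory(manifest, directory)
    for name, status in sorted(results.items()):
        print("%-9s %s" % (status, name))
    sys.exit(0 if all_verified(results) else 1)
```

Run with the advisory text saved to a file and the directory the RPMs were downloaded into; a non-zero exit means at least one package is missing or does not match and should not be installed. With no arguments it runs against the constructed demo directory.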

Vendor URL:  www.cups.org/blog.php?L1082
Cause:   Access control error, Input validation error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Jun 10 2015 CUPS Bugs Let Remote Users Gain Elevated Privileges and Conduct Cross-Site Scripting Attacks



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:1123 Important CentOS 6 cups Security Update


CentOS Errata and Security Advisory 2015:1123 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1123.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
66ec9a6b8eae38c42730cfe9bc7bc692f3f09a833edd36f19c5358fef55e3d38  cups-1.4.2-67.el6_6.1.i686.rpm
d8828f29adc025acc0fbb338f6dddbcbe0802749eed42b15d972592ab53c0b6d  cups-devel-1.4.2-67.el6_6.1.i686.rpm
3322ec2e7dffe6fbc9c45b4868cf680604f10059dc7a3cb4d0bb10f3d6e5e3a3  cups-libs-1.4.2-67.el6_6.1.i686.rpm
8e2764b166884672cbbeab1c5b93ca301f57144fc29ee641d9b5175d5104cdf2  cups-lpd-1.4.2-67.el6_6.1.i686.rpm
2bd30d9e1e6891dec1ae2b18ffa709c3b0e0c28e51cd1f3d5a07171f0ccc6bb5  cups-php-1.4.2-67.el6_6.1.i686.rpm

x86_64:
34abf99f7ef817dfdd2000581dd00a6a0e58a971a7b0ab4f01e3d2b6d782c4bc  cups-1.4.2-67.el6_6.1.x86_64.rpm
d8828f29adc025acc0fbb338f6dddbcbe0802749eed42b15d972592ab53c0b6d  cups-devel-1.4.2-67.el6_6.1.i686.rpm
bce9e461adf875feb74a5b9bf273e0d6d4471fe3968d544987296761cec1a840  cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
3322ec2e7dffe6fbc9c45b4868cf680604f10059dc7a3cb4d0bb10f3d6e5e3a3  cups-libs-1.4.2-67.el6_6.1.i686.rpm
b6da7e01721b2ce11affe423d77de600ffedb9f6499399a7f23102705d4dfbf2  cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
d24718b3355681f4feec4378bb6c20e304cebe822d62af818acd6d24cf21a5e2  cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm
c3f21692061194bb7c2884659ad1ebc341d829d820a70748e1f35d243272700f  cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Source:
232eea3a52f7b16c040c3e8dec51ff3ff9727439bb6aebc414f93cbed320ce24  cups-1.4.2-67.el6_6.1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Copyright 2021, SecurityGlobal.net LLC