ID CVE-2004-2154
Summary CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
References
Vulnerable Configurations
  • cpe:2.3:a:easy_software_products:cups:1.0.4
    cpe:2.3:a:easy_software_products:cups:1.0.4
  • cpe:2.3:a:easy_software_products:cups:1.0.4_8
    cpe:2.3:a:easy_software_products:cups:1.0.4_8
  • cpe:2.3:a:easy_software_products:cups:1.1.1
    cpe:2.3:a:easy_software_products:cups:1.1.1
  • cpe:2.3:a:easy_software_products:cups:1.1.4
    cpe:2.3:a:easy_software_products:cups:1.1.4
  • cpe:2.3:a:easy_software_products:cups:1.1.4_2
    cpe:2.3:a:easy_software_products:cups:1.1.4_2
  • cpe:2.3:a:easy_software_products:cups:1.1.4_3
    cpe:2.3:a:easy_software_products:cups:1.1.4_3
  • cpe:2.3:a:easy_software_products:cups:1.1.4_5
    cpe:2.3:a:easy_software_products:cups:1.1.4_5
  • cpe:2.3:a:easy_software_products:cups:1.1.6
    cpe:2.3:a:easy_software_products:cups:1.1.6
  • cpe:2.3:a:easy_software_products:cups:1.1.7
    cpe:2.3:a:easy_software_products:cups:1.1.7
  • cpe:2.3:a:easy_software_products:cups:1.1.10
    cpe:2.3:a:easy_software_products:cups:1.1.10
  • cpe:2.3:a:easy_software_products:cups:1.1.12
    cpe:2.3:a:easy_software_products:cups:1.1.12
  • cpe:2.3:a:easy_software_products:cups:1.1.13
    cpe:2.3:a:easy_software_products:cups:1.1.13
  • cpe:2.3:a:easy_software_products:cups:1.1.14
    cpe:2.3:a:easy_software_products:cups:1.1.14
  • cpe:2.3:a:easy_software_products:cups:1.1.15
    cpe:2.3:a:easy_software_products:cups:1.1.15
  • cpe:2.3:a:easy_software_products:cups:1.1.16
    cpe:2.3:a:easy_software_products:cups:1.1.16
  • cpe:2.3:a:easy_software_products:cups:1.1.17
    cpe:2.3:a:easy_software_products:cups:1.1.17
  • cpe:2.3:a:easy_software_products:cups:1.1.18
    cpe:2.3:a:easy_software_products:cups:1.1.18
  • cpe:2.3:a:easy_software_products:cups:1.1.19
    cpe:2.3:a:easy_software_products:cups:1.1.19
  • cpe:2.3:a:easy_software_products:cups:1.1.19_rc5
    cpe:2.3:a:easy_software_products:cups:1.1.19_rc5
  • cpe:2.3:a:easy_software_products:cups:1.1.20
    cpe:2.3:a:easy_software_products:cups:1.1.20
CVSS
Base: 7.5 (as of 06-07-2005 - 13:39)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-571.NASL
    description Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a request, the CUPS scheduler would use case-sensitive matching on the queue name to decide which authorization policy should be used. However, queue names are not case-sensitive. An unauthorized user could print to a password-protected queue without needing a password. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2154 to this issue. Please note that the version of CUPS included in Red Hat Enterprise Linux 4 is not vulnerable to this issue. All users of CUPS should upgrade to these erratum packages which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21842
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21842
    title CentOS 3 : cups (CESA-2005:571)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-571.NASL
    description Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a request, the CUPS scheduler would use case-sensitive matching on the queue name to decide which authorization policy should be used. However, queue names are not case-sensitive. An unauthorized user could print to a password-protected queue without needing a password. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2154 to this issue. Please note that the version of CUPS included in Red Hat Enterprise Linux 4 is not vulnerable to this issue. All users of CUPS should upgrade to these erratum packages which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19213
    published 2005-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19213
    title RHEL 3 : cups (RHSA-2005:571)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-185-1.NASL
    description A flaw was detected in the printer access control list checking in the CUPS server. Printer names were compared in a case sensitive manner; by modifying the capitalization of printer names, a remote attacker could circumvent ACLs and print to printers he should not have access to. The Ubuntu 5.04 version of cupsys is not vulnerable against this. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20596
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20596
    title Ubuntu 4.10 : cupsys vulnerability (USN-185-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-165.NASL
    description A vulnerability in CUPS would treat a Location directive in cupsd.conf as case-sensitive, allowing attackers to bypass intended ACLs via a printer name containing uppercase or lowecase letters that are different from that which was specified in the Location directive. This issue only affects versions of CUPS prior to 1.1.21rc1. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19920
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19920
    title Mandrake Linux Security Advisory : cups (MDKSA-2005:165)
oval via4
accepted 2013-04-29T04:23:28.966-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
family unix
id oval:org.mitre.oval:def:9940
status accepted
submitted 2010-07-09T03:56:16-04:00
title CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
version 23
redhat via4
advisories
rhsa
id RHSA-2005:571
refmap via4
confirm
fedora FLSA:163274
suse SUSE-SR:2005:018
ubuntu USN-185-1
Last major update 21-08-2010 - 00:23
Published 31-12-2004 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top