ID CVE-2015-1158
Summary The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:cups:cups:-:*:*:*:*:*:*:*
    cpe:2.3:a:cups:cups:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 23-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
rhsa
id RHSA-2015:1123
rpms
  • cups-1:1.4.2-67.el6_6.1
  • cups-devel-1:1.4.2-67.el6_6.1
  • cups-libs-1:1.4.2-67.el6_6.1
  • cups-lpd-1:1.4.2-67.el6_6.1
  • cups-php-1:1.4.2-67.el6_6.1
  • cups-1:1.6.3-17.el7_1.1
  • cups-client-1:1.6.3-17.el7_1.1
  • cups-devel-1:1.6.3-17.el7_1.1
  • cups-filesystem-1:1.6.3-17.el7_1.1
  • cups-ipptool-1:1.6.3-17.el7_1.1
  • cups-libs-1:1.6.3-17.el7_1.1
  • cups-lpd-1:1.6.3-17.el7_1.1
refmap via4
bid 75098
cert-vn VU#810572
confirm
debian DSA-3283
exploit-db
  • 37336
  • 41233
gentoo GLSA-201510-07
misc
sectrack 1032556
suse
  • SUSE-SU-2015:1041
  • SUSE-SU-2015:1044
  • openSUSE-SU-2015:1056
ubuntu USN-2629-1
Last major update 23-09-2017 - 01:29
Published 26-06-2015 - 10:59
Back to Top