Vulnerability Note VU#810572
CUPS print service is vulnerable to privilege escalation and cross-site scripting
CUPS implements the Internet Printing Protocol (IPP) for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error.
CWE-911: Improper Update of Reference Count - CVE-2015-1158
An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap. The dangling pointer causes ACL verification to fail when parsing 'admin/conf' and 'admin' ACLs. The ACL handling failure results in unrestricted access to privileged operations, allowing an unauthenticated remote user to upload a replacement CUPS configuration file and mount further attacks.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple||Affected||06 May 2015||08 May 2015|
|FreeBSD Project||Affected||08 May 2015||10 Jun 2015|
|openSUSE project||Affected||08 May 2015||10 Jun 2015|
|SUSE Linux||Affected||08 May 2015||10 Jun 2015|
|CentOS||Unknown||08 May 2015||08 May 2015|
|Debian GNU/Linux||Unknown||08 May 2015||08 May 2015|
|DesktopBSD||Unknown||08 May 2015||08 May 2015|
|DragonFly BSD Project||Unknown||08 May 2015||08 May 2015|
|EMC Corporation||Unknown||08 May 2015||08 May 2015|
|F5 Networks, Inc.||Unknown||08 May 2015||08 May 2015|
|Fedora Project||Unknown||08 May 2015||08 May 2015|
|Gentoo Linux||Unknown||08 May 2015||08 May 2015|
|Hewlett-Packard Company||Unknown||08 May 2015||08 May 2015|
|Hitachi||Unknown||08 May 2015||08 May 2015|
|IBM Corporation||Unknown||08 May 2015||08 May 2015|
CVSS Metrics (Learn More)
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-1158 CVE-2015-1159
- Date Public: 08 Jun 2015
- Date First Published: 09 Jun 2015
- Date Last Updated: 10 Jun 2015
- Document Revision: 42
If you have feedback, comments, or additional information about this vulnerability, please send us email.