CUPS implements the Internet Printing Protocol (IPP) for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error.
CWE-911: Improper Update of Reference Count - CVE-2015-1158
An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope, creating a dangling pointer to a repurposed block of memory on the heap. The dangling pointer causes ACL verification to fail when parsing 'admin/conf' and 'admin' ACLs. The ACL handling failure results in unrestricted access to privileged operations, allowing an unauthenticated remote user to upload a replacement CUPS configuration file and mount further attacks.
Apply an update
This document was written by Garret Wassermann.