Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.850659
Category:SuSE Local Security Checks
Title:openSUSE: Security Advisory for cups (openSUSE-SU-2015:1056-1)
Summary:The remote host is missing an update for the 'cups'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'cups'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update fixes the following issues:

- CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation
via cross-site scripting and bad print job submission used to replace
cupsd.conf on server (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158
CVE-2015-1159 bugzilla.suse.com bsc#924208). In general it is crucial to
limit access to CUPS to trustworthy users who do not misuse their
permission to submit print jobs which means to upload arbitrary data
onto the CUPS server, see the references and cf. the
entries about CVE-2012-5519.

Affected Software/OS:
cups on openSUSE 13.1

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-5519
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
BugTraq ID: 56494
http://www.securityfocus.com/bid/56494
http://www.openwall.com/lists/oss-security/2012/11/10/5
http://www.openwall.com/lists/oss-security/2012/11/11/2
http://www.openwall.com/lists/oss-security/2012/11/11/5
RedHat Security Advisories: RHSA-2013:0580
http://rhn.redhat.com/errata/RHSA-2013-0580.html
SuSE Security Announcement: SUSE-SU-2015:1041 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
SuSE Security Announcement: openSUSE-SU-2015:1056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
http://www.ubuntu.com/usn/USN-1654-1
XForce ISS Database: cups-systemgroup-priv-esc(80012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80012
Common Vulnerability Exposure (CVE) ID: CVE-2015-1158
BugTraq ID: 75098
http://www.securityfocus.com/bid/75098
CERT/CC vulnerability note: VU#810572
http://www.kb.cert.org/vuls/id/810572
Debian Security Information: DSA-3283 (Google Search)
http://www.debian.org/security/2015/dsa-3283
https://www.exploit-db.com/exploits/37336/
https://www.exploit-db.com/exploits/41233/
https://security.gentoo.org/glsa/201510-07
http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html
https://code.google.com/p/google-security-research/issues/detail?id=455
https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py
RedHat Security Advisories: RHSA-2015:1123
http://rhn.redhat.com/errata/RHSA-2015-1123.html
http://www.securitytracker.com/id/1032556
http://www.ubuntu.com/usn/USN-2629-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1159
BugTraq ID: 75106
http://www.securityfocus.com/bid/75106
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.