Sign-up

ID

VAR-201401-0275


CVE

CVE-2013-6891


TITLE

CUPS of lppasswd Vulnerabilities in which some files can be read

Trust: 0.8

sources: JVNDB: JVNDB-2013-005925

DESCRIPTION

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. Cups is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on affected computers. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in Apple CUPS versions prior to 1.7.1 that stems from a bug in the configuration of the lppasswd application. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions (CVE-2013-6891). ========================================================================== Ubuntu Security Notice USN-2082-1 January 15, 2014 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 Summary: CUPS could be made to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: cups-client 1.7.0~rc1-0ubuntu5.2 Ubuntu 13.04: cups-client 1.6.2-1ubuntu8 Ubuntu 12.10: cups-client 1.6.1-0ubuntu11.5 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2082-1 CVE-2013-6891 Package Information: https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.2 https://launchpad.net/ubuntu/+source/cups/1.6.2-1ubuntu8 https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.5 . Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function (CVE-2014-2856). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 8143b2a3b767ee960c28f10516d55d2a mes5/i586/cups-1.3.10-0.7mdvmes5.2.i586.rpm bc9a8e5908dc217cb7e985dcaa090948 mes5/i586/cups-common-1.3.10-0.7mdvmes5.2.i586.rpm 64176366b00b7c3e7f7f35f35aafe26d mes5/i586/cups-serial-1.3.10-0.7mdvmes5.2.i586.rpm c4926d589017411ae66815746ee6c6ba mes5/i586/libcups2-1.3.10-0.7mdvmes5.2.i586.rpm 2e2ba1cd0bfa7dcd21276255ff4d747c mes5/i586/libcups2-devel-1.3.10-0.7mdvmes5.2.i586.rpm 5171a744370db45781755f21d3f56f7c mes5/i586/php-cups-1.3.10-0.7mdvmes5.2.i586.rpm 1658bb3253e9d923361e9a078be83a5b mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 9030814a190e5e1892e9a0d08e88f645 mes5/x86_64/cups-1.3.10-0.7mdvmes5.2.x86_64.rpm 27119afd41865890903bf904130ee425 mes5/x86_64/cups-common-1.3.10-0.7mdvmes5.2.x86_64.rpm e9bdae3ea58237d04e1b0696bc792113 mes5/x86_64/cups-serial-1.3.10-0.7mdvmes5.2.x86_64.rpm cae11ff7c5eac9fdd9716526dbcb179d mes5/x86_64/lib64cups2-1.3.10-0.7mdvmes5.2.x86_64.rpm 91bbc04883ddcf7c1b7e4f9609a81fd6 mes5/x86_64/lib64cups2-devel-1.3.10-0.7mdvmes5.2.x86_64.rpm 160961b924ac72272951552d3641a7ec mes5/x86_64/php-cups-1.3.10-0.7mdvmes5.2.x86_64.rpm 1658bb3253e9d923361e9a078be83a5b mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTddX2mqjQ0CJFipgRAtgAAKCXOPqgzFuMZiQtBTaVqF1CQ+qspACfRw2C GRomzZDVSFilfqhmbpIJHDU= =ZAUC -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2013-6891 // JVNDB: JVNDB-2013-005925 // BID: 64985 // VULHUB: VHN-66893 // PACKETSTORM: 124889 // PACKETSTORM: 124797 // PACKETSTORM: 126691

AFFECTED PRODUCTS

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.10

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:13.04

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:13.10

Trust: 1.6

vendor:applemodel:cupsscope:lteversion:1.7.0

Trust: 1.0

vendor:applemodel:cupsscope:eqversion:1.7

Trust: 1.0

vendor:applemodel:cupsscope:eqversion:1.7.1

Trust: 1.0

vendor:canonicalmodel:ubuntuscope:eqversion:12.10

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:13.04

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:13.10

Trust: 0.8

vendor:applemodel:cupsscope:ltversion:1.7.1

Trust: 0.8

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

sources: BID: 64985 // JVNDB: JVNDB-2013-005925 // CNNVD: CNNVD-201401-537 // NVD: CVE-2013-6891

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6891
value: LOW

Trust: 1.0

NVD: CVE-2013-6891
value: LOW

Trust: 0.8

CNNVD: CNNVD-201401-537
value: LOW

Trust: 0.6

VULHUB: VHN-66893
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-6891
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66893
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66893 // JVNDB: JVNDB-2013-005925 // CNNVD: CNNVD-201401-537 // NVD: CVE-2013-6891

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

sources: VULHUB: VHN-66893 // JVNDB: JVNDB-2013-005925 // NVD: CVE-2013-6891

THREAT TYPE

local

Trust: 1.1

sources: BID: 64985 // PACKETSTORM: 124889 // PACKETSTORM: 124797 // CNNVD: CNNVD-201401-537

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201401-537

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005925

PATCH
title:STR #4319 lppasswd vulnerabilityurl:http://www.cups.org/str.php?L4319
Trust: 0.8
title:Article #704url:http://www.cups.org/blog.php?L704
Trust: 0.8
title:USN-2082-1url:http://www.ubuntu.com/usn/USN-2082-1/
Trust: 0.8
title:cups-1.7.1-sourceurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47726
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2013-005925 // 
            
            
            
            CNNVD: CNNVD-201401-537

EXTERNAL IDS
db:NVDid:CVE-2013-6891
Trust: 3.1
db:SECUNIAid:56531
Trust: 1.7
db:JVNDBid:JVNDB-2013-005925
Trust: 0.8
db:CNNVDid:CNNVD-201401-537
Trust: 0.7
db:UBUNTUid:USN-2082-1
Trust: 0.6
db:BIDid:64985
Trust: 0.4
db:PACKETSTORMid:126691
Trust: 0.2
db:PACKETSTORMid:124889
Trust: 0.2
db:PACKETSTORMid:124797
Trust: 0.2
db:VULHUBid:VHN-66893
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66893 // 
            
            
            
            BID: 64985 // 
            
            
            
            JVNDB: JVNDB-2013-005925 // 
            
            
            
            PACKETSTORM: 124889 // 
            
            
            
            PACKETSTORM: 124797 // 
            
            
            
            PACKETSTORM: 126691 // 
            
            
            
            CNNVD: CNNVD-201401-537 // 
            
            
            
            NVD: CVE-2013-6891

REFERENCES
url:http://advisories.mageia.org/mgasa-2014-0021.html
Trust: 2.0
url:http://www.ubuntu.com/usn/usn-2082-1
Trust: 1.8
url:http://www.cups.org/blog.php?l704
Trust: 1.7
url:http://www.cups.org/str.php?l4319
Trust: 1.7
url:http://secunia.com/advisories/56531
Trust: 1.7
url:http://www.mandriva.com/security/advisories?name=mdvsa-2014:015
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6891
Trust: 1.0
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6891
Trust: 0.8
url:http://www.cups.org/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2013-6891
Trust: 0.3
url:http://www.mandriva.com/en/support/security/
Trust: 0.2
url:http://www.mandriva.com/en/support/security/advisories/
Trust: 0.2
url:https://launchpad.net/ubuntu/+source/cups/1.6.2-1ubuntu8
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.2
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.5
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-2856
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2856
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66893 // 
            
            
            
            BID: 64985 // 
            
            
            
            JVNDB: JVNDB-2013-005925 // 
            
            
            
            PACKETSTORM: 124889 // 
            
            
            
            PACKETSTORM: 124797 // 
            
            
            
            PACKETSTORM: 126691 // 
            
            
            
            CNNVD: CNNVD-201401-537 // 
            
            
            
            NVD: CVE-2013-6891

CREDITS
Jann Horn
Trust: 0.3
sources:
            
            
            BID: 64985

SOURCES
db:VULHUBid:VHN-66893
db:BIDid:64985
db:JVNDBid:JVNDB-2013-005925
db:PACKETSTORMid:124889
db:PACKETSTORMid:124797
db:PACKETSTORMid:126691
db:CNNVDid:CNNVD-201401-537
db:NVDid:CVE-2013-6891

LAST UPDATE DATE
2024-08-14T12:56:36.387000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66893date:2014-03-06T00:00:00
db:BIDid:64985date:2014-05-19T00:52:00
db:JVNDBid:JVNDB-2013-005925date:2015-08-03T00:00:00
db:CNNVDid:CNNVD-201401-537date:2014-01-28T00:00:00
db:NVDid:CVE-2013-6891date:2014-03-06T04:49:52.017

SOURCES RELEASE DATE
db:VULHUBid:VHN-66893date:2014-01-26T00:00:00
db:BIDid:64985date:2013-12-19T00:00:00
db:JVNDBid:JVNDB-2013-005925date:2014-01-28T00:00:00
db:PACKETSTORMid:124889date:2014-01-23T00:40:06
db:PACKETSTORMid:124797date:2014-01-15T17:42:00
db:PACKETSTORMid:126691date:2014-05-19T03:19:36
db:CNNVDid:CNNVD-201401-537date:2014-01-28T00:00:00
db:NVDid:CVE-2013-6891date:2014-01-26T01:55:09.563