ID

VAR-201407-0413


CVE

CVE-2014-5029


TITLE

CUPS of Web Vulnerability to read arbitrary files in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2014-003632

DESCRIPTION

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. CUPS is prone to a local privilege-escalation vulnerability. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible. Note: This issue is the result of an incomplete fix for the issue described in 68788 (CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability). An attacker with local access could potentially exploit this issue to gain elevated privileges. CUPS 1.7.4 and earlier versions are vulnerable. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. ============================================================================ Ubuntu Security Notice USN-2341-1 September 08, 2014 cups vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: CUPS could be made to expose sensitive information, leading to privilege escalation. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.2 Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu8.5 Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.13 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2014:1388-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1388.html Issue date: 2014-10-14 CVE Names: CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 ===================================================================== 1. Summary: Updated cups packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. (CVE-2014-2856) It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031) The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat Product Security. These updated cups packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 978387 - Bad IPP responses with version 2.0 (collection handling bug) 1012482 - /etc/cron.daily/cups breaks rule GEN003080 in Red Hat security guide 1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release 1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation 1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537 1128764 - CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack 1128767 - CVE-2014-5031 cups: world-readable permissions 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: cups-1.4.2-67.el6.src.rpm i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: cups-1.4.2-67.el6.src.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: cups-1.4.2-67.el6.src.rpm i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm ppc64: cups-1.4.2-67.el6.ppc64.rpm cups-debuginfo-1.4.2-67.el6.ppc.rpm cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-devel-1.4.2-67.el6.ppc.rpm cups-devel-1.4.2-67.el6.ppc64.rpm cups-libs-1.4.2-67.el6.ppc.rpm cups-libs-1.4.2-67.el6.ppc64.rpm cups-lpd-1.4.2-67.el6.ppc64.rpm s390x: cups-1.4.2-67.el6.s390x.rpm cups-debuginfo-1.4.2-67.el6.s390.rpm cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-devel-1.4.2-67.el6.s390.rpm cups-devel-1.4.2-67.el6.s390x.rpm cups-libs-1.4.2-67.el6.s390.rpm cups-libs-1.4.2-67.el6.s390x.rpm cups-lpd-1.4.2-67.el6.s390x.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm ppc64: cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-php-1.4.2-67.el6.ppc64.rpm s390x: cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-php-1.4.2-67.el6.s390x.rpm x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: cups-1.4.2-67.el6.src.rpm i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-2856.html https://www.redhat.com/security/data/cve/CVE-2014-3537.html https://www.redhat.com/security/data/cve/CVE-2014-5029.html https://www.redhat.com/security/data/cve/CVE-2014-5030.html https://www.redhat.com/security/data/cve/CVE-2014-5031.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUPKsIXlSAg2UNWIIRApSvAJ9WxP5yQ+v5GDRGnSINYq0Pro0AoQCfXZqW WjIIQcBG+Sou8Is2vIFlLok= =5S/K -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679 http://advisories.mageia.org/MGASA-2014-0193.html http://advisories.mageia.org/MGASA-2014-0313.html http://advisories.mageia.org/MGASA-2015-0067.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 0d1f31885b6c118b63449f2fdd821666 mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm b5337600a386f902763653796a2cefdf mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm 7b1513d85b5f22cd90bed23a35e44f51 mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm c25fa9b9bba101274984fa2b7a62f7a3 mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm df24a6b84fdafffaadf961ab4aa3640b mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm 5c172624c992de8ebb2bf8a2b232ee3a mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF6q1mqjQ0CJFipgRAuxXAKDq8A/WlNzp54yRN7xnKy8ZBaRZQwCfSAh0 n7hHPzmYVzh2wFP6PffIl0E= =ykhv -----END PGP SIGNATURE----- . For the stable distribution (wheezy), these problems have been fixed in version 1.5.3-5+deb7u4. For the unstable distribution (sid), these problems have been fixed in version 1.7.4-2

Trust: 2.43

sources: NVD: CVE-2014-5029 // JVNDB: JVNDB-2014-003632 // BID: 68842 // VULHUB: VHN-72970 // PACKETSTORM: 128171 // PACKETSTORM: 127797 // PACKETSTORM: 128661 // PACKETSTORM: 131116 // PACKETSTORM: 127631

AFFECTED PRODUCTS

vendor:applemodel:cupsscope:eqversion:1.7.4

Trust: 2.1

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.7.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.11

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.5

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.23

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.23

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.22

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.22

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.21

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc5scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.18

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.17

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.7.2

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.7.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.7.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.7.0

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.6.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.6.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.6.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.6.1

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.6

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.0

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.5

Trust: 0.3

vendor:applemodel:cups b2scope:eqversion:1.5

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.5

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.8

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.5

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.0

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.4

Trust: 0.3

vendor:applemodel:cups b3scope:eqversion:1.4

Trust: 0.3

vendor:applemodel:cups b2scope:eqversion:1.4

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.9

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.8

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.7-18

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.10

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.0

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.3

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.3

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.9

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.8

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.5

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.12

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.11

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.10

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.0

Trust: 0.3

vendor:applemodel:cups rc3scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cups b2scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.9-1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.9

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.8

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.6-3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.6-2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.6-1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.5-2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.5-1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.5

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.1.22

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.1.21

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.21

Trust: 0.3

vendor:applemodel:cups rc6scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc5scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc4scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc3scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:cups rc4scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cups rc3scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.16

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.15

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.14

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.13

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.12

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.11

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.10-1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.10

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:cups 2.0-currentscope:neversion: -

Trust: 0.3

sources: BID: 68842 // JVNDB: JVNDB-2014-003632 // CNNVD: CNNVD-201407-652 // NVD: CVE-2014-5029

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5029
value: LOW

Trust: 1.0

NVD: CVE-2014-5029
value: LOW

Trust: 0.8

CNNVD: CNNVD-201407-652
value: LOW

Trust: 0.6

VULHUB: VHN-72970
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2014-5029
severity: LOW
baseScore: 1.5
vectorString: AV:L/AC:M/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.7
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-72970
severity: LOW
baseScore: 1.5
vectorString: AV:L/AC:M/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.7
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-72970 // JVNDB: JVNDB-2014-003632 // CNNVD: CNNVD-201407-652 // NVD: CVE-2014-5029

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

sources: VULHUB: VHN-72970 // JVNDB: JVNDB-2014-003632 // NVD: CVE-2014-5029

THREAT TYPE

local

Trust: 1.2

sources: BID: 68842 // PACKETSTORM: 127797 // PACKETSTORM: 128661 // PACKETSTORM: 127631 // CNNVD: CNNVD-201407-652

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201407-652

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003632

PATCH

title:Release Notesurl:http://www.cups.org/documentation.php/relnotes.html

Trust: 0.8

title:STR #4455url:https://cups.org/str.php?L4455

Trust: 0.8

title:RHSA-2014:1388url:https://rhn.redhat.com/errata/RHSA-2014-1388.html

Trust: 0.8

title:str4455-1.7url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50970

Trust: 0.6

sources: JVNDB: JVNDB-2014-003632 // CNNVD: CNNVD-201407-652

EXTERNAL IDS

db:NVDid:CVE-2014-5029

Trust: 3.3

db:OPENWALLid:OSS-SECURITY/2014/07/22/2

Trust: 2.5

db:OPENWALLid:OSS-SECURITY/2014/07/22/13

Trust: 2.5

db:SECUNIAid:60509

Trust: 1.7

db:SECUNIAid:60787

Trust: 1.1

db:BIDid:68842

Trust: 1.0

db:JVNDBid:JVNDB-2014-003632

Trust: 0.8

db:CNNVDid:CNNVD-201407-652

Trust: 0.7

db:PACKETSTORMid:128171

Trust: 0.2

db:VULHUBid:VHN-72970

Trust: 0.1

db:PACKETSTORMid:127797

Trust: 0.1

db:PACKETSTORMid:128661

Trust: 0.1

db:PACKETSTORMid:131116

Trust: 0.1

db:PACKETSTORMid:127631

Trust: 0.1

sources: VULHUB: VHN-72970 // BID: 68842 // JVNDB: JVNDB-2014-003632 // PACKETSTORM: 128171 // PACKETSTORM: 127797 // PACKETSTORM: 128661 // PACKETSTORM: 131116 // PACKETSTORM: 127631 // CNNVD: CNNVD-201407-652 // NVD: CVE-2014-5029

REFERENCES

url:http://www.openwall.com/lists/oss-security/2014/07/22/2

Trust: 2.5

url:http://www.openwall.com/lists/oss-security/2014/07/22/13

Trust: 2.5

url:http://secunia.com/advisories/60509

Trust: 2.3

url:http://advisories.mageia.org/mgasa-2014-0313.html

Trust: 2.1

url:https://cups.org/str.php?l4455

Trust: 2.0

url:http://www.debian.org/security/2014/dsa-2990

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2014-1388.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-2341-1

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:108

Trust: 1.1

url:http://secunia.com/advisories/60787

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5029

Trust: 1.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5029

Trust: 0.8

url:http://www.securityfocus.com/bid/68842

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-5029

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-5030

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-5031

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-3537

Trust: 0.4

url:http://www.cups.org/

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5031

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3537

Trust: 0.2

url:http://www.mandriva.com/en/support/security/

Trust: 0.2

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5030

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-2856

Trust: 0.2

url:https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.5

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.6_technical_notes/cups.html#rhsa-2014-1388

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-2856.html

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-5029.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-5031.html

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-5030.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-3537.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9679

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0193.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2856

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2015-0067.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9679

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

sources: VULHUB: VHN-72970 // BID: 68842 // JVNDB: JVNDB-2014-003632 // PACKETSTORM: 128171 // PACKETSTORM: 127797 // PACKETSTORM: 128661 // PACKETSTORM: 131116 // PACKETSTORM: 127631 // CNNVD: CNNVD-201407-652 // NVD: CVE-2014-5029

CREDITS

Salvatore Bonaccorso

Trust: 0.9

sources: BID: 68842 // CNNVD: CNNVD-201407-652

SOURCES

db:VULHUBid:VHN-72970
db:BIDid:68842
db:JVNDBid:JVNDB-2014-003632
db:PACKETSTORMid:128171
db:PACKETSTORMid:127797
db:PACKETSTORMid:128661
db:PACKETSTORMid:131116
db:PACKETSTORMid:127631
db:CNNVDid:CNNVD-201407-652
db:NVDid:CVE-2014-5029

LAST UPDATE DATE

2024-08-14T12:05:42.778000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-72970date:2017-01-07T00:00:00
db:BIDid:68842date:2015-04-13T21:32:00
db:JVNDBid:JVNDB-2014-003632date:2015-06-08T00:00:00
db:CNNVDid:CNNVD-201407-652date:2014-07-30T00:00:00
db:NVDid:CVE-2014-5029date:2017-01-07T03:00:25.037

SOURCES RELEASE DATE

db:VULHUBid:VHN-72970date:2014-07-29T00:00:00
db:BIDid:68842date:2014-07-21T00:00:00
db:JVNDBid:JVNDB-2014-003632date:2014-07-31T00:00:00
db:PACKETSTORMid:128171date:2014-09-08T17:33:25
db:PACKETSTORMid:127797date:2014-08-08T21:45:22
db:PACKETSTORMid:128661date:2014-10-14T23:04:56
db:PACKETSTORMid:131116date:2015-03-30T21:33:02
db:PACKETSTORMid:127631date:2014-07-28T20:36:32
db:CNNVDid:CNNVD-201407-652date:2014-07-28T00:00:00
db:NVDid:CVE-2014-5029date:2014-07-29T14:55:07.780