ID

VAR-201407-0414


CVE

CVE-2014-5030


TITLE

CUPS Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2014-003633

DESCRIPTION

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. The Common Unix Printing System (CUPS) is a universal Unix printing system that is a cross-platform printing solution for Unix environments. It is based on the Internet printing protocol and provides most PostScript and raster printing. The CUPS Web Interface has a local privilege escalation vulnerability that allows attacks. Use vulnerabilities for symbolic link attacks to overwrite any file in the context of the affected application. Other attacks may also be possible. An attacker with local access could potentially exploit this issue to gain elevated privileges. CUPS 1.7.4 and earlier versions are vulnerable. ============================================================================ Ubuntu Security Notice USN-2341-1 September 08, 2014 cups vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: CUPS could be made to expose sensitive information, leading to privilege escalation. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.2 Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu8.5 Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.13 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2014:1388-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1388.html Issue date: 2014-10-14 CVE Names: CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 ===================================================================== 1. Summary: Updated cups packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. (CVE-2014-2856) It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031) The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat Product Security. These updated cups packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 978387 - Bad IPP responses with version 2.0 (collection handling bug) 1012482 - /etc/cron.daily/cups breaks rule GEN003080 in Red Hat security guide 1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release 1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation 1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537 1128764 - CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack 1128767 - CVE-2014-5031 cups: world-readable permissions 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: cups-1.4.2-67.el6.src.rpm i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: cups-1.4.2-67.el6.src.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: cups-1.4.2-67.el6.src.rpm i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm ppc64: cups-1.4.2-67.el6.ppc64.rpm cups-debuginfo-1.4.2-67.el6.ppc.rpm cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-devel-1.4.2-67.el6.ppc.rpm cups-devel-1.4.2-67.el6.ppc64.rpm cups-libs-1.4.2-67.el6.ppc.rpm cups-libs-1.4.2-67.el6.ppc64.rpm cups-lpd-1.4.2-67.el6.ppc64.rpm s390x: cups-1.4.2-67.el6.s390x.rpm cups-debuginfo-1.4.2-67.el6.s390.rpm cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-devel-1.4.2-67.el6.s390.rpm cups-devel-1.4.2-67.el6.s390x.rpm cups-libs-1.4.2-67.el6.s390.rpm cups-libs-1.4.2-67.el6.s390x.rpm cups-lpd-1.4.2-67.el6.s390x.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm ppc64: cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-php-1.4.2-67.el6.ppc64.rpm s390x: cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-php-1.4.2-67.el6.s390x.rpm x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: cups-1.4.2-67.el6.src.rpm i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-2856.html https://www.redhat.com/security/data/cve/CVE-2014-3537.html https://www.redhat.com/security/data/cve/CVE-2014-5029.html https://www.redhat.com/security/data/cve/CVE-2014-5030.html https://www.redhat.com/security/data/cve/CVE-2014-5031.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUPKsIXlSAg2UNWIIRApSvAJ9WxP5yQ+v5GDRGnSINYq0Pro0AoQCfXZqW WjIIQcBG+Sou8Is2vIFlLok= =5S/K -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679 http://advisories.mageia.org/MGASA-2014-0193.html http://advisories.mageia.org/MGASA-2014-0313.html http://advisories.mageia.org/MGASA-2015-0067.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 0d1f31885b6c118b63449f2fdd821666 mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm b5337600a386f902763653796a2cefdf mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm 7b1513d85b5f22cd90bed23a35e44f51 mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm c25fa9b9bba101274984fa2b7a62f7a3 mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm df24a6b84fdafffaadf961ab4aa3640b mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm 5c172624c992de8ebb2bf8a2b232ee3a mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF6q1mqjQ0CJFipgRAuxXAKDq8A/WlNzp54yRN7xnKy8ZBaRZQwCfSAh0 n7hHPzmYVzh2wFP6PffIl0E= =ykhv -----END PGP SIGNATURE----- . For the stable distribution (wheezy), these problems have been fixed in version 1.5.3-5+deb7u4. For the unstable distribution (sid), these problems have been fixed in version 1.7.4-2

Trust: 2.97

sources: NVD: CVE-2014-5030 // JVNDB: JVNDB-2014-003633 // CNVD: CNVD-2014-04712 // BID: 68846 // VULHUB: VHN-72971 // PACKETSTORM: 128171 // PACKETSTORM: 127797 // PACKETSTORM: 128661 // PACKETSTORM: 131116 // PACKETSTORM: 127631

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04712

AFFECTED PRODUCTS

vendor:applemodel:cupsscope:eqversion:1.7.3

Trust: 1.9

vendor:applemodel:cupsscope:eqversion:1.7.2

Trust: 1.9

vendor:applemodel:cupsscope:eqversion:1.7.1

Trust: 1.9

vendor:applemodel:cupsscope:eqversion:1.7.0

Trust: 1.9

vendor:applemodel:cupsscope:eqversion:1.7

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.0

vendor:applemodel:cupsscope:lteversion:1.7.4

Trust: 1.0

vendor:applemodel:cupsscope:eqversion:1.7.4

Trust: 0.9

vendor:applemodel:cupsscope:ltversion:2.0

Trust: 0.8

vendor:cupsmodel:cupsscope:lteversion:<=1.7.4

Trust: 0.6

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.11

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.5

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.23

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.23

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.22

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.22

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.21

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc5scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.18

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.17

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.7.1

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.6.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.6.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.6.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.6.1

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.6

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.5.0

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.5

Trust: 0.3

vendor:applemodel:cups b2scope:eqversion:1.5

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.5

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.8

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.5

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.4.0

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.4

Trust: 0.3

vendor:applemodel:cups b3scope:eqversion:1.4

Trust: 0.3

vendor:applemodel:cups b2scope:eqversion:1.4

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.9

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.8

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.7-18

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.10

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.3.0

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.3

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.3

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.9

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.8

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.5

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.12

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.11

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.10

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.2.0

Trust: 0.3

vendor:applemodel:cups rc3scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cups b2scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cups b1scope:eqversion:1.2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.9-1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.9

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.8

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.7

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.6-3

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.6-2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.6-1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.6

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.5-2

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.5-1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.5

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.1.22

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.1.21

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.21

Trust: 0.3

vendor:applemodel:cups rc6scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc5scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc4scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc3scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.20

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:cups rc4scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cups rc3scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cups rc2scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cups rc1scope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.19

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.16

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.15

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.14

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.13

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.12

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.11

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.10-1

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.10

Trust: 0.3

vendor:applemodel:cupsscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:cups 2.0-currentscope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2014-04712 // BID: 68846 // JVNDB: JVNDB-2014-003633 // CNNVD: CNNVD-201407-693 // NVD: CVE-2014-5030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5030
value: LOW

Trust: 1.0

NVD: CVE-2014-5030
value: LOW

Trust: 0.8

CNVD: CNVD-2014-04712
value: LOW

Trust: 0.6

CNNVD: CNNVD-201407-693
value: LOW

Trust: 0.6

VULHUB: VHN-72971
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2014-5030
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04712
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-72971
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-04712 // VULHUB: VHN-72971 // JVNDB: JVNDB-2014-003633 // CNNVD: CNNVD-201407-693 // NVD: CVE-2014-5030

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

sources: VULHUB: VHN-72971 // JVNDB: JVNDB-2014-003633 // NVD: CVE-2014-5030

THREAT TYPE

local

Trust: 1.2

sources: BID: 68846 // PACKETSTORM: 127797 // PACKETSTORM: 128661 // PACKETSTORM: 127631 // CNNVD: CNNVD-201407-693

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201407-693

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003633

PATCH

title:Release Notesurl:http://www.cups.org/documentation.php/doc-2.0/relnotes.html?VERSION=2.0&Q=

Trust: 0.8

title:STR #4455url:https://cups.org/str.php?L4455

Trust: 0.8

title:RHSA-2014:1388url:https://rhn.redhat.com/errata/RHSA-2014-1388.html

Trust: 0.8

title:Patch for CUPS Web Interface Local Privilege Escalation Vulnerability (CNVD-2014-04712)url:https://www.cnvd.org.cn/patchInfo/show/48071

Trust: 0.6

title:cups-2.0b1-sourceurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50969

Trust: 0.6

sources: CNVD: CNVD-2014-04712 // JVNDB: JVNDB-2014-003633 // CNNVD: CNNVD-201407-693

EXTERNAL IDS

db:NVDid:CVE-2014-5030

Trust: 3.9

db:SECUNIAid:60509

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2014/07/22/2

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2014/07/22/13

Trust: 1.7

db:SECUNIAid:60787

Trust: 1.1

db:BIDid:68846

Trust: 1.0

db:JVNDBid:JVNDB-2014-003633

Trust: 0.8

db:CNNVDid:CNNVD-201407-693

Trust: 0.7

db:CNVDid:CNVD-2014-04712

Trust: 0.6

db:VULHUBid:VHN-72971

Trust: 0.1

db:PACKETSTORMid:128171

Trust: 0.1

db:PACKETSTORMid:127797

Trust: 0.1

db:PACKETSTORMid:128661

Trust: 0.1

db:PACKETSTORMid:131116

Trust: 0.1

db:PACKETSTORMid:127631

Trust: 0.1

sources: CNVD: CNVD-2014-04712 // VULHUB: VHN-72971 // BID: 68846 // JVNDB: JVNDB-2014-003633 // PACKETSTORM: 128171 // PACKETSTORM: 127797 // PACKETSTORM: 128661 // PACKETSTORM: 131116 // PACKETSTORM: 127631 // CNNVD: CNNVD-201407-693 // NVD: CVE-2014-5030

REFERENCES

url:http://secunia.com/advisories/60509

Trust: 2.3

url:http://advisories.mageia.org/mgasa-2014-0313.html

Trust: 2.1

url:https://cups.org/str.php?l4455

Trust: 2.0

url:http://www.debian.org/security/2014/dsa-2990

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2014/07/22/2

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2014/07/22/13

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2014-1388.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-2341-1

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:108

Trust: 1.1

url:http://secunia.com/advisories/60787

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5030

Trust: 1.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5030

Trust: 0.8

url:http://www.securityfocus.com/bid/68846

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-5029

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-5030

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-5031

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-3537

Trust: 0.4

url:http://www.cups.org/

Trust: 0.3

url:http://seclists.org/oss-sec/2014/q3/220

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5031

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3537

Trust: 0.2

url:http://www.mandriva.com/en/support/security/

Trust: 0.2

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5029

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-2856

Trust: 0.2

url:https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.5

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.6_technical_notes/cups.html#rhsa-2014-1388

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-2856.html

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-5029.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-5031.html

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-5030.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-3537.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9679

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0193.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2856

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2015-0067.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9679

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

sources: CNVD: CNVD-2014-04712 // VULHUB: VHN-72971 // BID: 68846 // JVNDB: JVNDB-2014-003633 // PACKETSTORM: 128171 // PACKETSTORM: 127797 // PACKETSTORM: 128661 // PACKETSTORM: 131116 // PACKETSTORM: 127631 // CNNVD: CNNVD-201407-693 // NVD: CVE-2014-5030

CREDITS

Salvatore Bonaccorso

Trust: 0.3

sources: BID: 68846

SOURCES

db:CNVDid:CNVD-2014-04712
db:VULHUBid:VHN-72971
db:BIDid:68846
db:JVNDBid:JVNDB-2014-003633
db:PACKETSTORMid:128171
db:PACKETSTORMid:127797
db:PACKETSTORMid:128661
db:PACKETSTORMid:131116
db:PACKETSTORMid:127631
db:CNNVDid:CNNVD-201407-693
db:NVDid:CVE-2014-5030

LAST UPDATE DATE

2024-08-14T12:51:19.655000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-04712date:2014-07-31T00:00:00
db:VULHUBid:VHN-72971date:2017-01-07T00:00:00
db:BIDid:68846date:2015-04-13T21:58:00
db:JVNDBid:JVNDB-2014-003633date:2015-06-08T00:00:00
db:CNNVDid:CNNVD-201407-693date:2014-08-01T00:00:00
db:NVDid:CVE-2014-5030date:2017-01-07T03:00:25.100

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-04712date:2014-07-31T00:00:00
db:VULHUBid:VHN-72971date:2014-07-29T00:00:00
db:BIDid:68846date:2014-07-22T00:00:00
db:JVNDBid:JVNDB-2014-003633date:2014-07-31T00:00:00
db:PACKETSTORMid:128171date:2014-09-08T17:33:25
db:PACKETSTORMid:127797date:2014-08-08T21:45:22
db:PACKETSTORMid:128661date:2014-10-14T23:04:56
db:PACKETSTORMid:131116date:2015-03-30T21:33:02
db:PACKETSTORMid:127631date:2014-07-28T20:36:32
db:CNNVDid:CNNVD-201407-693date:2014-07-29T00:00:00
db:NVDid:CVE-2014-5030date:2014-07-29T14:55:07.827