Details of VAR-201901-1018

ID

VAR-201901-1018

CVE

CVE-2018-4181

TITLE

macOS High Sierra Access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013600

DESCRIPTION

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. CUPS is one of the open source printing system components for OS X and Unix-like systems. ========================================================================== Ubuntu Security Notice USN-3713-1 July 11, 2018 cups vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in CUPS. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248) Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180) Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181) Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: cups 2.2.7-1ubuntu2.1 Ubuntu 17.10: cups 2.2.4-7ubuntu3.1 Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.5 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.10 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2020:1050-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1050 Issue date: 2020-03-31 CVE Names: CVE-2018-4180 CVE-2018-4181 CVE-2018-4700 ==================================================================== 1. Summary: An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: Local privilege escalation to root due to insecure environment variable handling (CVE-2018-4180) * cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root (CVE-2018-4181) * cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the cupsd service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1607282 - CVE-2018-4180 cups: Local privilege escalation to root due to insecure environment variable handling 1607291 - CVE-2018-4181 cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root 1649347 - CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: cups-1.6.3-43.el7.src.rpm noarch: cups-filesystem-1.6.3-43.el7.noarch.rpm x86_64: cups-1.6.3-43.el7.x86_64.rpm cups-client-1.6.3-43.el7.x86_64.rpm cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-libs-1.6.3-43.el7.i686.rpm cups-libs-1.6.3-43.el7.x86_64.rpm cups-lpd-1.6.3-43.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-devel-1.6.3-43.el7.i686.rpm cups-devel-1.6.3-43.el7.x86_64.rpm cups-ipptool-1.6.3-43.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: cups-1.6.3-43.el7.src.rpm noarch: cups-filesystem-1.6.3-43.el7.noarch.rpm x86_64: cups-1.6.3-43.el7.x86_64.rpm cups-client-1.6.3-43.el7.x86_64.rpm cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-libs-1.6.3-43.el7.i686.rpm cups-libs-1.6.3-43.el7.x86_64.rpm cups-lpd-1.6.3-43.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-devel-1.6.3-43.el7.i686.rpm cups-devel-1.6.3-43.el7.x86_64.rpm cups-ipptool-1.6.3-43.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: cups-1.6.3-43.el7.src.rpm noarch: cups-filesystem-1.6.3-43.el7.noarch.rpm ppc64: cups-1.6.3-43.el7.ppc64.rpm cups-client-1.6.3-43.el7.ppc64.rpm cups-debuginfo-1.6.3-43.el7.ppc.rpm cups-debuginfo-1.6.3-43.el7.ppc64.rpm cups-devel-1.6.3-43.el7.ppc.rpm cups-devel-1.6.3-43.el7.ppc64.rpm cups-libs-1.6.3-43.el7.ppc.rpm cups-libs-1.6.3-43.el7.ppc64.rpm cups-lpd-1.6.3-43.el7.ppc64.rpm ppc64le: cups-1.6.3-43.el7.ppc64le.rpm cups-client-1.6.3-43.el7.ppc64le.rpm cups-debuginfo-1.6.3-43.el7.ppc64le.rpm cups-devel-1.6.3-43.el7.ppc64le.rpm cups-libs-1.6.3-43.el7.ppc64le.rpm cups-lpd-1.6.3-43.el7.ppc64le.rpm s390x: cups-1.6.3-43.el7.s390x.rpm cups-client-1.6.3-43.el7.s390x.rpm cups-debuginfo-1.6.3-43.el7.s390.rpm cups-debuginfo-1.6.3-43.el7.s390x.rpm cups-devel-1.6.3-43.el7.s390.rpm cups-devel-1.6.3-43.el7.s390x.rpm cups-libs-1.6.3-43.el7.s390.rpm cups-libs-1.6.3-43.el7.s390x.rpm cups-lpd-1.6.3-43.el7.s390x.rpm x86_64: cups-1.6.3-43.el7.x86_64.rpm cups-client-1.6.3-43.el7.x86_64.rpm cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-devel-1.6.3-43.el7.i686.rpm cups-devel-1.6.3-43.el7.x86_64.rpm cups-libs-1.6.3-43.el7.i686.rpm cups-libs-1.6.3-43.el7.x86_64.rpm cups-lpd-1.6.3-43.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: cups-debuginfo-1.6.3-43.el7.ppc64.rpm cups-ipptool-1.6.3-43.el7.ppc64.rpm ppc64le: cups-debuginfo-1.6.3-43.el7.ppc64le.rpm cups-ipptool-1.6.3-43.el7.ppc64le.rpm s390x: cups-debuginfo-1.6.3-43.el7.s390x.rpm cups-ipptool-1.6.3-43.el7.s390x.rpm x86_64: cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-ipptool-1.6.3-43.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: cups-1.6.3-43.el7.src.rpm noarch: cups-filesystem-1.6.3-43.el7.noarch.rpm x86_64: cups-1.6.3-43.el7.x86_64.rpm cups-client-1.6.3-43.el7.x86_64.rpm cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-devel-1.6.3-43.el7.i686.rpm cups-devel-1.6.3-43.el7.x86_64.rpm cups-libs-1.6.3-43.el7.i686.rpm cups-libs-1.6.3-43.el7.x86_64.rpm cups-lpd-1.6.3-43.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-ipptool-1.6.3-43.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-4180 https://access.redhat.com/security/cve/CVE-2018-4181 https://access.redhat.com/security/cve/CVE-2018-4700 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXoOcZtzjgjWX9erEAQj5vQ/+JKCLR2RmEo3wtGMY1WX6LNbQwv/cdECr s3N5rUh4rykPzjzFc3DGkTd7idUf0HwXuxKqhTqkEYKpsFOd79vXESpCGpp/AqaU gtD9T2eCeH1hIZvC6Ev/R7TU7V2NQwuyAoO8GAQyZ8ev/QuCxYFzUAfoke7Fe2rZ Tc4PV8nL/Sf3RvJCVmlOjvtfpL2WX4PX2zB0XytIKqfCrWfTHq+5j3qAzIayPTzm YPH0ksu7ZfHA2Sy3tMRBYaksRbKahtZmBZKi41vigTiH/XqLRa+Y1CRSUEc9vwxj ScQWNpy51O0tZUNhAbHiWBqyiyT7MpibKF6p/N8mwZ/6A6G36qUBqkW9zJZTEurS eMnZrL4MhHCFLBhJbXYSbXRvbbYcFsfShktovTBwcDYO3x6Bf/bY2YgWe4fMNwh+ 03swOecUGLBxf5Esww6UaSzt2Es7h0p0k+PBvg7gXA13CVIjG55KmZITQzWIIOtM IRhnNBoORzLooa28eBkT/AiPkMU5gSWpe2Iy+tHrSgw5F+nyzYsWjiq1qpD2ifWG QRdhRgEtSRiwvljrtX0ZpxRXvYESa39nXclAtQcTePvH6/tFgpALQv06+6zcV6MS TjhhxzsDilA5DdQacoTJGz5HHZk0z0hsyJQyRBAKfuZQpIuFR0nHZ8yqhGdVeSOy AfLO6MsTpy4=UkWN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues have been identified with the following CVE ids: CVE-2017-15400 Rory McNamara discovered that an attacker is able to execute arbitrary commands (with the privilege of the CUPS daemon) by setting a malicious IPP server with a crafted PPD file. CVE-2018-4182 Dan Bastone of Gotham Digital Science discovered that an attacker with sandboxed root access can execute backends without a sandbox profile by provoking an error in CUPS' profile creation. CVE-2018-4183 Dan Bastone and Eric Rafaloff of Gotham Digital Science discovered that an attacker with sandboxed root access can execute arbitrary commands as unsandboxed root by modifying /etc/cups/cups-files.conf CVE-2018-6553 Dan Bastone of Gotham Digital Science discovered that an attacker can bypass the AppArmor cupsd sandbox by invoking the dnssd backend using an alternate name that has been hard linked to dnssd. For the stable distribution (stretch), these problems have been fixed in version 2.2.1-8+deb9u2. We recommend that you upgrade your cups packages. For the detailed security status of cups please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cups Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAltGE+0ACgkQbsLe9o/+ N3RzTBAAog31K8+nfhrds2NQZeWaz0rGevs6hHj5wuf40FemG0IoHYfl7xba66Fx gVTZSDbpOuFnG1YQet0UpfsXsogTuaPv6/qP89YASEM8ncLSgBUTKS1bK7VM6SyP NZCWUmjmfsyf0yv7tvnWnq0k5I6MwHRRX6l0fI+treXz0nwjXDIPnKH1Xbv4zW1Y TTpmxD4FknyzkXJGxJoBwMcclPGCkT6W1IrBPQrjscUJvFBWiNW3umAoiuv+aCCr sM+raoK0SJTLFJ289AhrXajKilt0SfTHly12mpxUKnyevPCAz5o+nbtQMhQrALLQ foRuTAfI3WhubZFd7bTUjhrVo1nhS4khnmriyRxsCL7o19dc5rfQd1fO1IvCDQCb YtnWhDD7Tfzspetpr5kUk/pbB1U//uyWDFji73ZURFPbn5Pa+Z80OUGIRd9IIlNg ODJsNq5X/bjwoJgwJwi3W6SieyNWKBaTR5Ktk2iqBOJQ++KqV3BmsCVI/B/5NFnV /heBZYugaknsmdQVbdKa9jv3GIr4TE4frqJJrAsZ0KGnlKNNzoe3pQIk6nA0f/4d z3JalPDGwfL+Qq2AAJlqx2346ro0bViHUAGXJc1zsx44LHBVaRotV+a0gTXsh3z/ 3tQIHs2KZ4KRzczK7pbDDbeSEsaL6XsWb0vXbG2ZNAHoGxV7jQo= =g0fa -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201908-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: CUPS: Multiple vulnerabilities Date: August 15, 2019 Bugs: #660954 ID: 201908-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in CUPS, the worst of which could result in the arbitrary execution of code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 2.2.8 >= 2.2.8 Description =========== Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-2.2.8" References ========== [ 1 ] CVE-2017-15400 https://nvd.nist.gov/vuln/detail/CVE-2017-15400 [ 2 ] CVE-2018-4180 https://nvd.nist.gov/vuln/detail/CVE-2018-4180 [ 3 ] CVE-2018-4181 https://nvd.nist.gov/vuln/detail/CVE-2018-4181 [ 4 ] CVE-2018-4182 https://nvd.nist.gov/vuln/detail/CVE-2018-4182 [ 5 ] CVE-2018-4183 https://nvd.nist.gov/vuln/detail/CVE-2018-4183 [ 6 ] CVE-2018-6553 https://nvd.nist.gov/vuln/detail/CVE-2018-6553 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201908-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2018-4181 // JVNDB: JVNDB-2018-013600 // VULHUB: VHN-134212 // PACKETSTORM: 148510 // PACKETSTORM: 157003 // PACKETSTORM: 148503 // PACKETSTORM: 154076

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.5	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	17.10	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.4	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	-	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 0.6

sources: JVNDB: JVNDB-2018-013600 // CNNVD: CNNVD-201901-394 // NVD: CVE-2018-4181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4181
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4181
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201901-394
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-134212
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4181
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134212
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4181
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134212 // JVNDB: JVNDB-2018-013600 // CNNVD: CNNVD-201901-394 // NVD: CVE-2018-4181

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-285	Trust: 0.9

sources: VULHUB: VHN-134212 // JVNDB: JVNDB-2018-013600 // NVD: CVE-2018-4181

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-394

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013600

PATCH

title:	HT208849	url:	https://support.apple.com/en-us/HT208849	Trust: 0.8
title:	HT208849	url:	https://support.apple.com/ja-jp/HT208849	Trust: 0.8
title:	[SECURITY] [DLA 1426-1] cups security update	url:	https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html	Trust: 0.8
title:	DSA-4243	url:	https://www.debian.org/security/2018/dsa-4243	Trust: 0.8
title:	USN-3713-1	url:	https://usn.ubuntu.com/3713-1/	Trust: 0.8
title:	Apple macOS High Sierra CUPS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88558	Trust: 0.6

sources: JVNDB: JVNDB-2018-013600 // CNNVD: CNNVD-201901-394

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4181	Trust: 2.9
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013600	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-394	Trust: 0.7
db:	PACKETSTORM	id:	154076	Trust: 0.7
db:	VULHUB	id:	VHN-134212	Trust: 0.1
db:	PACKETSTORM	id:	148510	Trust: 0.1
db:	PACKETSTORM	id:	157003	Trust: 0.1
db:	PACKETSTORM	id:	148503	Trust: 0.1

sources: VULHUB: VHN-134212 // JVNDB: JVNDB-2018-013600 // PACKETSTORM: 148510 // PACKETSTORM: 157003 // PACKETSTORM: 148503 // PACKETSTORM: 154076 // CNNVD: CNNVD-201901-394 // NVD: CVE-2018-4181

REFERENCES

url:	https://security.gentoo.org/glsa/201908-08	Trust: 1.8
url:	https://support.apple.com/ht208849	Trust: 1.7
url:	https://www.debian.org/security/2018/dsa-4243	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html	Trust: 1.7
url:	https://usn.ubuntu.com/3713-1/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4181	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4181	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://packetstormsecurity.com/files/154076/gentoo-linux-security-advisory-201908-08.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4180	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6553	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4183	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4182	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15400	Trust: 0.2
url:	https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3713-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18248	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4700	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-4180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-4700	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1050	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-4181	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/cups	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

CREDITS

Gentoo

Trust: 0.7

sources: PACKETSTORM: 154076 // CNNVD: CNNVD-201901-394

SOURCES

db:	VULHUB	id:	VHN-134212
db:	JVNDB	id:	JVNDB-2018-013600
db:	PACKETSTORM	id:	148510
db:	PACKETSTORM	id:	157003
db:	PACKETSTORM	id:	148503
db:	PACKETSTORM	id:	154076
db:	CNNVD	id:	CNNVD-201901-394
db:	NVD	id:	CVE-2018-4181

LAST UPDATE DATE

2024-08-14T12:47:11.094000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134212	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013600	date:	2019-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201901-394	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-4181	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134212	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-013600	date:	2019-02-26T00:00:00
db:	PACKETSTORM	id:	148510	date:	2018-07-11T22:07:12
db:	PACKETSTORM	id:	157003	date:	2020-04-01T15:05:46
db:	PACKETSTORM	id:	148503	date:	2018-07-11T15:36:35
db:	PACKETSTORM	id:	154076	date:	2019-08-15T20:22:49
db:	CNNVD	id:	CNNVD-201901-394	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2018-4181	date:	2019-01-11T18:29:01.077