Security Features in cups (Alpine package)

1) Security Features

EUVDB-ID: #VU32416

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2015-1158

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

cups (Alpine package): 1.7.4-r1

CPE2.3

• cpe:2.3:o:alpine:cups_alpine_package:1.7.4-r1:*:*:*:*:alpine_linux:*:2.6

External links

https://git.alpinelinux.org/aports/commit/?id=2bd688203ac9a6bade959c7857aa827a882a5a26
https://git.alpinelinux.org/aports/commit/?id=ff5aca650b718685ddf975d4f7f26993fc79f235
https://git.alpinelinux.org/aports/commit/?id=5f589ae6722e270d6297726d8ef6ab405dc22d93
https://git.alpinelinux.org/aports/commit/?id=40283b5ee346c43fe039dffe33f22e009c0094a1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.