CVE-2018-4180 (GCVE-0-2018-4180)

Vulnerability from cvelistv5 – Published: 2019-01-11 18:00 – Updated: 2024-08-05 05:04

Summary

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

Severity

No CVSS data available.

CWE

Assigner

apple

References

5 references

URL	Tags
https://usn.ubuntu.com/3713-1/	vendor-advisoryx_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4243	vendor-advisoryx_refsource_DEBIAN
https://support.apple.com/HT208849	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/201908-08	vendor-advisoryx_refsource_GENTOO

Date Public

2019-01-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:04:29.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3713-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3713-1/"
          },
          {
            "name": "DSA-4243",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208849"
          },
          {
            "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1426-1] cups security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html"
          },
          {
            "name": "GLSA-201908-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-15T17:06:09.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "USN-3713-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3713-1/"
        },
        {
          "name": "DSA-4243",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208849"
        },
        {
          "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1426-1] cups security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html"
        },
        {
          "name": "GLSA-201908-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-08"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4180",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3713-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3713-1/"
            },
            {
              "name": "DSA-4243",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4243"
            },
            {
              "name": "https://support.apple.com/HT208849",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208849"
            },
            {
              "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1426-1] cups security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html"
            },
            {
              "name": "GLSA-201908-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-08"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2018-4180",
    "datePublished": "2019-01-11T18:00:00.000Z",
    "dateReserved": "2018-01-02T00:00:00.000Z",
    "dateUpdated": "2024-08-05T05:04:29.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-4180",
      "date": "2026-05-30",
      "epss": "0.00115",
      "percentile": "0.29952"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4180\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2019-01-11T18:29:01.047\",\"lastModified\":\"2024-11-21T04:06:55.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.\"},{\"lang\":\"es\",\"value\":\"En macOS High Sierra en versiones anteriores a la 10.13.5, exist\u00eda un problema en CUPS. Este problema se abord\u00f3 mediante la mejora de las restricciones de acceso.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.13.5\",\"matchCriteriaId\":\"B0B9799C-6891-4D51-9E17-92D1407740F9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-08\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT208849\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3713-1/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4243\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT208849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3713-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

VAR-201901-1017

Vulnerability from variot - Updated: 2024-11-23 19:42

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. macOS High Sierra of CUPS Has a flaw in authorization due to incomplete handling of access restrictions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. CUPS is one of the open source printing system components for OS X and Unix-like systems. An attacker could exploit this vulnerability with a local process to modify other processes without passing authorization checks. ========================================================================== Ubuntu Security Notice USN-3713-1 July 11, 2018

cups vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.04 LTS
Ubuntu 17.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in CUPS. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248)

Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180)

Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181)

Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: cups 2.2.7-1ubuntu2.1

Ubuntu 17.10: cups 2.2.4-7ubuntu3.1

Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.5

Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.10

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2020:1050-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1050 Issue date: 2020-03-31 CVE Names: CVE-2018-4180 CVE-2018-4181 CVE-2018-4700 ==================================================================== 1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

cups: Local privilege escalation to root due to insecure environment variable handling (CVE-2018-4180)
cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root (CVE-2018-4181)
cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted automatically.

Bugs fixed (https://bugzilla.redhat.com/):

1607282 - CVE-2018-4180 cups: Local privilege escalation to root due to insecure environment variable handling 1607291 - CVE-2018-4181 cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root 1649347 - CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: cups-1.6.3-43.el7.src.rpm

noarch: cups-filesystem-1.6.3-43.el7.noarch.rpm

x86_64: cups-1.6.3-43.el7.x86_64.rpm cups-client-1.6.3-43.el7.x86_64.rpm cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-libs-1.6.3-43.el7.i686.rpm cups-libs-1.6.3-43.el7.x86_64.rpm cups-lpd-1.6.3-43.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-devel-1.6.3-43.el7.i686.rpm cups-devel-1.6.3-43.el7.x86_64.rpm cups-ipptool-1.6.3-43.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: cups-1.6.3-43.el7.src.rpm

noarch: cups-filesystem-1.6.3-43.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-devel-1.6.3-43.el7.i686.rpm cups-devel-1.6.3-43.el7.x86_64.rpm cups-ipptool-1.6.3-43.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: cups-1.6.3-43.el7.src.rpm

noarch: cups-filesystem-1.6.3-43.el7.noarch.rpm

ppc64: cups-1.6.3-43.el7.ppc64.rpm cups-client-1.6.3-43.el7.ppc64.rpm cups-debuginfo-1.6.3-43.el7.ppc.rpm cups-debuginfo-1.6.3-43.el7.ppc64.rpm cups-devel-1.6.3-43.el7.ppc.rpm cups-devel-1.6.3-43.el7.ppc64.rpm cups-libs-1.6.3-43.el7.ppc.rpm cups-libs-1.6.3-43.el7.ppc64.rpm cups-lpd-1.6.3-43.el7.ppc64.rpm

ppc64le: cups-1.6.3-43.el7.ppc64le.rpm cups-client-1.6.3-43.el7.ppc64le.rpm cups-debuginfo-1.6.3-43.el7.ppc64le.rpm cups-devel-1.6.3-43.el7.ppc64le.rpm cups-libs-1.6.3-43.el7.ppc64le.rpm cups-lpd-1.6.3-43.el7.ppc64le.rpm

s390x: cups-1.6.3-43.el7.s390x.rpm cups-client-1.6.3-43.el7.s390x.rpm cups-debuginfo-1.6.3-43.el7.s390.rpm cups-debuginfo-1.6.3-43.el7.s390x.rpm cups-devel-1.6.3-43.el7.s390.rpm cups-devel-1.6.3-43.el7.s390x.rpm cups-libs-1.6.3-43.el7.s390.rpm cups-libs-1.6.3-43.el7.s390x.rpm cups-lpd-1.6.3-43.el7.s390x.rpm

x86_64: cups-1.6.3-43.el7.x86_64.rpm cups-client-1.6.3-43.el7.x86_64.rpm cups-debuginfo-1.6.3-43.el7.i686.rpm cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-devel-1.6.3-43.el7.i686.rpm cups-devel-1.6.3-43.el7.x86_64.rpm cups-libs-1.6.3-43.el7.i686.rpm cups-libs-1.6.3-43.el7.x86_64.rpm cups-lpd-1.6.3-43.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: cups-debuginfo-1.6.3-43.el7.ppc64.rpm cups-ipptool-1.6.3-43.el7.ppc64.rpm

ppc64le: cups-debuginfo-1.6.3-43.el7.ppc64le.rpm cups-ipptool-1.6.3-43.el7.ppc64le.rpm

s390x: cups-debuginfo-1.6.3-43.el7.s390x.rpm cups-ipptool-1.6.3-43.el7.s390x.rpm

x86_64: cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-ipptool-1.6.3-43.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: cups-1.6.3-43.el7.src.rpm

noarch: cups-filesystem-1.6.3-43.el7.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-43.el7.x86_64.rpm cups-ipptool-1.6.3-43.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2018-4180 https://access.redhat.com/security/cve/CVE-2018-4181 https://access.redhat.com/security/cve/CVE-2018-4700 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXoOcZtzjgjWX9erEAQj5vQ/+JKCLR2RmEo3wtGMY1WX6LNbQwv/cdECr s3N5rUh4rykPzjzFc3DGkTd7idUf0HwXuxKqhTqkEYKpsFOd79vXESpCGpp/AqaU gtD9T2eCeH1hIZvC6Ev/R7TU7V2NQwuyAoO8GAQyZ8ev/QuCxYFzUAfoke7Fe2rZ Tc4PV8nL/Sf3RvJCVmlOjvtfpL2WX4PX2zB0XytIKqfCrWfTHq+5j3qAzIayPTzm YPH0ksu7ZfHA2Sy3tMRBYaksRbKahtZmBZKi41vigTiH/XqLRa+Y1CRSUEc9vwxj ScQWNpy51O0tZUNhAbHiWBqyiyT7MpibKF6p/N8mwZ/6A6G36qUBqkW9zJZTEurS eMnZrL4MhHCFLBhJbXYSbXRvbbYcFsfShktovTBwcDYO3x6Bf/bY2YgWe4fMNwh+ 03swOecUGLBxf5Esww6UaSzt2Es7h0p0k+PBvg7gXA13CVIjG55KmZITQzWIIOtM IRhnNBoORzLooa28eBkT/AiPkMU5gSWpe2Iy+tHrSgw5F+nyzYsWjiq1qpD2ifWG QRdhRgEtSRiwvljrtX0ZpxRXvYESa39nXclAtQcTePvH6/tFgpALQv06+6zcV6MS TjhhxzsDilA5DdQacoTJGz5HHZk0z0hsyJQyRBAKfuZQpIuFR0nHZ8yqhGdVeSOy AfLO6MsTpy4=UkWN -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues have been identified with the following CVE ids:

CVE-2017-15400

Rory McNamara discovered that an attacker is able to execute arbitrary
commands (with the privilege of the CUPS daemon) by setting a
malicious IPP server with a crafted PPD file.

CVE-2018-4182

Dan Bastone of Gotham Digital Science discovered that an attacker
with sandboxed root access can execute backends without a sandbox
profile by provoking an error in CUPS' profile creation.

CVE-2018-4183

 Dan Bastone and Eric Rafaloff of Gotham Digital Science discovered
 that an attacker with sandboxed root access can execute arbitrary
 commands as unsandboxed root by modifying /etc/cups/cups-files.conf

CVE-2018-6553

Dan Bastone of Gotham Digital Science discovered that an attacker
can bypass the AppArmor cupsd sandbox by invoking the dnssd backend
using an alternate name that has been hard linked to dnssd.

For the stable distribution (stretch), these problems have been fixed in version 2.2.1-8+deb9u2.

We recommend that you upgrade your cups packages.

For the detailed security status of cups please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cups

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAltGE+0ACgkQbsLe9o/+ N3RzTBAAog31K8+nfhrds2NQZeWaz0rGevs6hHj5wuf40FemG0IoHYfl7xba66Fx gVTZSDbpOuFnG1YQet0UpfsXsogTuaPv6/qP89YASEM8ncLSgBUTKS1bK7VM6SyP NZCWUmjmfsyf0yv7tvnWnq0k5I6MwHRRX6l0fI+treXz0nwjXDIPnKH1Xbv4zW1Y TTpmxD4FknyzkXJGxJoBwMcclPGCkT6W1IrBPQrjscUJvFBWiNW3umAoiuv+aCCr sM+raoK0SJTLFJ289AhrXajKilt0SfTHly12mpxUKnyevPCAz5o+nbtQMhQrALLQ foRuTAfI3WhubZFd7bTUjhrVo1nhS4khnmriyRxsCL7o19dc5rfQd1fO1IvCDQCb YtnWhDD7Tfzspetpr5kUk/pbB1U//uyWDFji73ZURFPbn5Pa+Z80OUGIRd9IIlNg ODJsNq5X/bjwoJgwJwi3W6SieyNWKBaTR5Ktk2iqBOJQ++KqV3BmsCVI/B/5NFnV /heBZYugaknsmdQVbdKa9jv3GIr4TE4frqJJrAsZ0KGnlKNNzoe3pQIk6nA0f/4d z3JalPDGwfL+Qq2AAJlqx2346ro0bViHUAGXJc1zsx44LHBVaRotV+a0gTXsh3z/ 3tQIHs2KZ4KRzczK7pbDDbeSEsaL6XsWb0vXbG2ZNAHoGxV7jQo= =g0fa -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201908-08

                                       https://security.gentoo.org/

Severity: Normal Title: CUPS: Multiple vulnerabilities Date: August 15, 2019 Bugs: #660954 ID: 201908-08

Synopsis

Multiple vulnerabilities have been found in CUPS, the worst of which could result in the arbitrary execution of code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-print/cups < 2.2.8 >= 2.2.8

Description

Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All CUPS users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-2.2.8"

References

[ 1 ] CVE-2017-15400 https://nvd.nist.gov/vuln/detail/CVE-2017-15400 [ 2 ] CVE-2018-4180 https://nvd.nist.gov/vuln/detail/CVE-2018-4180 [ 3 ] CVE-2018-4181 https://nvd.nist.gov/vuln/detail/CVE-2018-4181 [ 4 ] CVE-2018-4182 https://nvd.nist.gov/vuln/detail/CVE-2018-4182 [ 5 ] CVE-2018-4183 https://nvd.nist.gov/vuln/detail/CVE-2018-4183 [ 6 ] CVE-2018-6553 https://nvd.nist.gov/vuln/detail/CVE-2018-6553

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201908-08

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1017",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "17.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.5"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4180"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2018-4180",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-4180",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-134211",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-4180",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-4180",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-4180",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-393",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134211",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4180"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. macOS High Sierra of CUPS Has a flaw in authorization due to incomplete handling of access restrictions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. CUPS is one of the open source printing system components for OS X and Unix-like systems. An attacker could exploit this vulnerability with a local process to modify other processes without passing authorization checks. ==========================================================================\nUbuntu Security Notice USN-3713-1\nJuly 11, 2018\n\ncups vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in CUPS. A remote attacker could possibly use this issue to cause\nCUPS to crash, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248)\n\nDan Bastone discovered that the CUPS dnssd backend incorrectly handled\ncertain environment variables. A local attacker could possibly use this\nissue to escalate privileges. (CVE-2018-4180)\n\nEric Rafaloff and John Dunlap discovered that CUPS incorrectly handled\ncertain include directives. A local attacker could possibly use this issue\nto read arbitrary files. (CVE-2018-4181)\n\nDan Bastone discovered that the CUPS AppArmor profile incorrectly confined\nthe dnssd backend. A local attacker could possibly use this issue to escape\nconfinement. (CVE-2018-6553)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n  cups                            2.2.7-1ubuntu2.1\n\nUbuntu 17.10:\n  cups                            2.2.4-7ubuntu3.1\n\nUbuntu 16.04 LTS:\n  cups                            2.1.3-4ubuntu0.5\n\nUbuntu 14.04 LTS:\n  cups                            1.7.2-0ubuntu1.10\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: cups security and bug fix update\nAdvisory ID:       RHSA-2020:1050-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:1050\nIssue date:        2020-03-31\nCVE Names:         CVE-2018-4180 CVE-2018-4181 CVE-2018-4700\n====================================================================\n1. Summary:\n\nAn update for cups is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor Linux, UNIX, and similar operating systems. \n\nSecurity Fix(es):\n\n* cups: Local privilege escalation to root due to insecure environment\nvariable handling (CVE-2018-4180)\n\n* cups: Manipulation of cupsd.conf by a local attacker resulting in limited\nreads of arbitrary files as root (CVE-2018-4181)\n\n* cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the cupsd service will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607282 - CVE-2018-4180 cups: Local privilege escalation to root due to insecure environment variable handling\n1607291 - CVE-2018-4181 cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root\n1649347 - CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ncups-1.6.3-43.el7.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-43.el7.noarch.rpm\n\nx86_64:\ncups-1.6.3-43.el7.x86_64.rpm\ncups-client-1.6.3-43.el7.x86_64.rpm\ncups-debuginfo-1.6.3-43.el7.i686.rpm\ncups-debuginfo-1.6.3-43.el7.x86_64.rpm\ncups-libs-1.6.3-43.el7.i686.rpm\ncups-libs-1.6.3-43.el7.x86_64.rpm\ncups-lpd-1.6.3-43.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ncups-debuginfo-1.6.3-43.el7.i686.rpm\ncups-debuginfo-1.6.3-43.el7.x86_64.rpm\ncups-devel-1.6.3-43.el7.i686.rpm\ncups-devel-1.6.3-43.el7.x86_64.rpm\ncups-ipptool-1.6.3-43.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ncups-1.6.3-43.el7.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-43.el7.noarch.rpm\n\nx86_64:\ncups-1.6.3-43.el7.x86_64.rpm\ncups-client-1.6.3-43.el7.x86_64.rpm\ncups-debuginfo-1.6.3-43.el7.i686.rpm\ncups-debuginfo-1.6.3-43.el7.x86_64.rpm\ncups-libs-1.6.3-43.el7.i686.rpm\ncups-libs-1.6.3-43.el7.x86_64.rpm\ncups-lpd-1.6.3-43.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ncups-debuginfo-1.6.3-43.el7.i686.rpm\ncups-debuginfo-1.6.3-43.el7.x86_64.rpm\ncups-devel-1.6.3-43.el7.i686.rpm\ncups-devel-1.6.3-43.el7.x86_64.rpm\ncups-ipptool-1.6.3-43.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ncups-1.6.3-43.el7.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-43.el7.noarch.rpm\n\nppc64:\ncups-1.6.3-43.el7.ppc64.rpm\ncups-client-1.6.3-43.el7.ppc64.rpm\ncups-debuginfo-1.6.3-43.el7.ppc.rpm\ncups-debuginfo-1.6.3-43.el7.ppc64.rpm\ncups-devel-1.6.3-43.el7.ppc.rpm\ncups-devel-1.6.3-43.el7.ppc64.rpm\ncups-libs-1.6.3-43.el7.ppc.rpm\ncups-libs-1.6.3-43.el7.ppc64.rpm\ncups-lpd-1.6.3-43.el7.ppc64.rpm\n\nppc64le:\ncups-1.6.3-43.el7.ppc64le.rpm\ncups-client-1.6.3-43.el7.ppc64le.rpm\ncups-debuginfo-1.6.3-43.el7.ppc64le.rpm\ncups-devel-1.6.3-43.el7.ppc64le.rpm\ncups-libs-1.6.3-43.el7.ppc64le.rpm\ncups-lpd-1.6.3-43.el7.ppc64le.rpm\n\ns390x:\ncups-1.6.3-43.el7.s390x.rpm\ncups-client-1.6.3-43.el7.s390x.rpm\ncups-debuginfo-1.6.3-43.el7.s390.rpm\ncups-debuginfo-1.6.3-43.el7.s390x.rpm\ncups-devel-1.6.3-43.el7.s390.rpm\ncups-devel-1.6.3-43.el7.s390x.rpm\ncups-libs-1.6.3-43.el7.s390.rpm\ncups-libs-1.6.3-43.el7.s390x.rpm\ncups-lpd-1.6.3-43.el7.s390x.rpm\n\nx86_64:\ncups-1.6.3-43.el7.x86_64.rpm\ncups-client-1.6.3-43.el7.x86_64.rpm\ncups-debuginfo-1.6.3-43.el7.i686.rpm\ncups-debuginfo-1.6.3-43.el7.x86_64.rpm\ncups-devel-1.6.3-43.el7.i686.rpm\ncups-devel-1.6.3-43.el7.x86_64.rpm\ncups-libs-1.6.3-43.el7.i686.rpm\ncups-libs-1.6.3-43.el7.x86_64.rpm\ncups-lpd-1.6.3-43.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\ncups-debuginfo-1.6.3-43.el7.ppc64.rpm\ncups-ipptool-1.6.3-43.el7.ppc64.rpm\n\nppc64le:\ncups-debuginfo-1.6.3-43.el7.ppc64le.rpm\ncups-ipptool-1.6.3-43.el7.ppc64le.rpm\n\ns390x:\ncups-debuginfo-1.6.3-43.el7.s390x.rpm\ncups-ipptool-1.6.3-43.el7.s390x.rpm\n\nx86_64:\ncups-debuginfo-1.6.3-43.el7.x86_64.rpm\ncups-ipptool-1.6.3-43.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ncups-1.6.3-43.el7.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-43.el7.noarch.rpm\n\nx86_64:\ncups-1.6.3-43.el7.x86_64.rpm\ncups-client-1.6.3-43.el7.x86_64.rpm\ncups-debuginfo-1.6.3-43.el7.i686.rpm\ncups-debuginfo-1.6.3-43.el7.x86_64.rpm\ncups-devel-1.6.3-43.el7.i686.rpm\ncups-devel-1.6.3-43.el7.x86_64.rpm\ncups-libs-1.6.3-43.el7.i686.rpm\ncups-libs-1.6.3-43.el7.x86_64.rpm\ncups-lpd-1.6.3-43.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ncups-debuginfo-1.6.3-43.el7.x86_64.rpm\ncups-ipptool-1.6.3-43.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-4180\nhttps://access.redhat.com/security/cve/CVE-2018-4181\nhttps://access.redhat.com/security/cve/CVE-2018-4700\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXoOcZtzjgjWX9erEAQj5vQ/+JKCLR2RmEo3wtGMY1WX6LNbQwv/cdECr\ns3N5rUh4rykPzjzFc3DGkTd7idUf0HwXuxKqhTqkEYKpsFOd79vXESpCGpp/AqaU\ngtD9T2eCeH1hIZvC6Ev/R7TU7V2NQwuyAoO8GAQyZ8ev/QuCxYFzUAfoke7Fe2rZ\nTc4PV8nL/Sf3RvJCVmlOjvtfpL2WX4PX2zB0XytIKqfCrWfTHq+5j3qAzIayPTzm\nYPH0ksu7ZfHA2Sy3tMRBYaksRbKahtZmBZKi41vigTiH/XqLRa+Y1CRSUEc9vwxj\nScQWNpy51O0tZUNhAbHiWBqyiyT7MpibKF6p/N8mwZ/6A6G36qUBqkW9zJZTEurS\neMnZrL4MhHCFLBhJbXYSbXRvbbYcFsfShktovTBwcDYO3x6Bf/bY2YgWe4fMNwh+\n03swOecUGLBxf5Esww6UaSzt2Es7h0p0k+PBvg7gXA13CVIjG55KmZITQzWIIOtM\nIRhnNBoORzLooa28eBkT/AiPkMU5gSWpe2Iy+tHrSgw5F+nyzYsWjiq1qpD2ifWG\nQRdhRgEtSRiwvljrtX0ZpxRXvYESa39nXclAtQcTePvH6/tFgpALQv06+6zcV6MS\nTjhhxzsDilA5DdQacoTJGz5HHZk0z0hsyJQyRBAKfuZQpIuFR0nHZ8yqhGdVeSOy\nAfLO6MsTpy4=UkWN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These issues have been identified with the following CVE ids:\n\nCVE-2017-15400\n\n    Rory McNamara discovered that an attacker is able to execute arbitrary\n    commands (with the privilege of the CUPS daemon) by setting a\n    malicious IPP server with a crafted PPD file. \n\nCVE-2018-4182\n\n    Dan Bastone of Gotham Digital Science discovered that an attacker\n    with sandboxed root access can execute backends without a sandbox\n    profile by provoking an error in CUPS\u0027 profile creation. \n\nCVE-2018-4183\n\n     Dan Bastone and Eric Rafaloff of Gotham Digital Science discovered\n     that an attacker with sandboxed root access can execute arbitrary\n     commands as unsandboxed root by modifying /etc/cups/cups-files.conf\n\nCVE-2018-6553\n\n    Dan Bastone of Gotham Digital Science discovered that an attacker\n    can bypass the AppArmor cupsd sandbox by invoking the dnssd backend\n    using an alternate name that has been hard linked to dnssd. \n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.2.1-8+deb9u2. \n\nWe recommend that you upgrade your cups packages. \n\nFor the detailed security status of cups please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/cups\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAltGE+0ACgkQbsLe9o/+\nN3RzTBAAog31K8+nfhrds2NQZeWaz0rGevs6hHj5wuf40FemG0IoHYfl7xba66Fx\ngVTZSDbpOuFnG1YQet0UpfsXsogTuaPv6/qP89YASEM8ncLSgBUTKS1bK7VM6SyP\nNZCWUmjmfsyf0yv7tvnWnq0k5I6MwHRRX6l0fI+treXz0nwjXDIPnKH1Xbv4zW1Y\nTTpmxD4FknyzkXJGxJoBwMcclPGCkT6W1IrBPQrjscUJvFBWiNW3umAoiuv+aCCr\nsM+raoK0SJTLFJ289AhrXajKilt0SfTHly12mpxUKnyevPCAz5o+nbtQMhQrALLQ\nfoRuTAfI3WhubZFd7bTUjhrVo1nhS4khnmriyRxsCL7o19dc5rfQd1fO1IvCDQCb\nYtnWhDD7Tfzspetpr5kUk/pbB1U//uyWDFji73ZURFPbn5Pa+Z80OUGIRd9IIlNg\nODJsNq5X/bjwoJgwJwi3W6SieyNWKBaTR5Ktk2iqBOJQ++KqV3BmsCVI/B/5NFnV\n/heBZYugaknsmdQVbdKa9jv3GIr4TE4frqJJrAsZ0KGnlKNNzoe3pQIk6nA0f/4d\nz3JalPDGwfL+Qq2AAJlqx2346ro0bViHUAGXJc1zsx44LHBVaRotV+a0gTXsh3z/\n3tQIHs2KZ4KRzczK7pbDDbeSEsaL6XsWb0vXbG2ZNAHoGxV7jQo=\n=g0fa\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201908-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: CUPS: Multiple vulnerabilities\n     Date: August 15, 2019\n     Bugs: #660954\n       ID: 201908-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in CUPS, the worst of which\ncould result in the arbitrary execution of code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-print/cups               \u003c 2.2.8                    \u003e= 2.2.8 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in CUPS. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll CUPS users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-print/cups-2.2.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-15400\n      https://nvd.nist.gov/vuln/detail/CVE-2017-15400\n[ 2 ] CVE-2018-4180\n      https://nvd.nist.gov/vuln/detail/CVE-2018-4180\n[ 3 ] CVE-2018-4181\n      https://nvd.nist.gov/vuln/detail/CVE-2018-4181\n[ 4 ] CVE-2018-4182\n      https://nvd.nist.gov/vuln/detail/CVE-2018-4182\n[ 5 ] CVE-2018-4183\n      https://nvd.nist.gov/vuln/detail/CVE-2018-4183\n[ 6 ] CVE-2018-6553\n      https://nvd.nist.gov/vuln/detail/CVE-2018-6553\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201908-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134211"
      },
      {
        "db": "PACKETSTORM",
        "id": "148510"
      },
      {
        "db": "PACKETSTORM",
        "id": "157003"
      },
      {
        "db": "PACKETSTORM",
        "id": "148503"
      },
      {
        "db": "PACKETSTORM",
        "id": "154076"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4180",
        "trust": 2.9
      },
      {
        "db": "JVN",
        "id": "JVNVU98864649",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "154076",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "157003",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-134211",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148510",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148503",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "db": "PACKETSTORM",
        "id": "148510"
      },
      {
        "db": "PACKETSTORM",
        "id": "157003"
      },
      {
        "db": "PACKETSTORM",
        "id": "148503"
      },
      {
        "db": "PACKETSTORM",
        "id": "154076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4180"
      }
    ]
  },
  "id": "VAR-201901-1017",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134211"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:42:52.740000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT208849",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208849"
      },
      {
        "title": "HT208849",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208849"
      },
      {
        "title": "[SECURITY] [DLA 1426-1] cups security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html"
      },
      {
        "title": "DSA-4243",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2018/dsa-4243"
      },
      {
        "title": "USN-3713-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3713-1/"
      },
      {
        "title": "Apple macOS High Sierra CUPS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88557"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-285",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4180"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201908-08"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208849"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2018/dsa-4243"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html"
      },
      {
        "trust": 1.7,
        "url": "https://usn.ubuntu.com/3713-1/"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4180"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4180"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98864649/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154076/gentoo-linux-security-advisory-201908-08.html"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4181"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6553"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4182"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15400"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3713-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18248"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4700"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-4180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-4700"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:1050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-4181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/cups"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "db": "PACKETSTORM",
        "id": "148510"
      },
      {
        "db": "PACKETSTORM",
        "id": "157003"
      },
      {
        "db": "PACKETSTORM",
        "id": "148503"
      },
      {
        "db": "PACKETSTORM",
        "id": "154076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4180"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-134211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "db": "PACKETSTORM",
        "id": "148510"
      },
      {
        "db": "PACKETSTORM",
        "id": "157003"
      },
      {
        "db": "PACKETSTORM",
        "id": "148503"
      },
      {
        "db": "PACKETSTORM",
        "id": "154076"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4180"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134211"
      },
      {
        "date": "2019-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "date": "2018-07-11T22:07:12",
        "db": "PACKETSTORM",
        "id": "148510"
      },
      {
        "date": "2020-04-01T15:05:46",
        "db": "PACKETSTORM",
        "id": "157003"
      },
      {
        "date": "2018-07-11T15:36:35",
        "db": "PACKETSTORM",
        "id": "148503"
      },
      {
        "date": "2019-08-15T20:22:49",
        "db": "PACKETSTORM",
        "id": "154076"
      },
      {
        "date": "2019-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      },
      {
        "date": "2019-01-11T18:29:01.047000",
        "db": "NVD",
        "id": "CVE-2018-4180"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134211"
      },
      {
        "date": "2019-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      },
      {
        "date": "2024-11-21T04:06:55.080000",
        "db": "NVD",
        "id": "CVE-2018-4180"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "macOS High Sierra of  CUPS Authorization vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013692"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-393"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4180 (GCVE-0-2018-4180)

VAR-201901-1017

cups vulnerabilities

Synopsis

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature