Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-6553

Опубликовано: 09 мая 2018
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

An AppArmor sandbox bypass has been discovered in cups due to the use of hard links which are not covered by the AppArmor profile. An attacker could use the hard link, if it exists, to execute the referenced backend without sandbox restrictions.

Отчет

This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux as they did not include support for AppArmor.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5cupsNot affected
Red Hat Enterprise Linux 6cupsNot affected
Red Hat Enterprise Linux 7cupsNot affected
Red Hat Enterprise Linux 8cupsNot affected
Red Hat Virtualization 4cupsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-270
https://bugzilla.redhat.com/show_bug.cgi?id=1607285cups: AppArmor cupsd Sandbox Bypass Due to Use of Hard Links

EPSS

Процентиль: 21%
0.00067
Низкий

7 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-6553

CVSS3: 8.8
ubuntu
около 7 лет назад

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

nvd логотип

CVE-2018-6553

CVSS3: 8.8
nvd
около 7 лет назад

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

debian логотип

CVE-2018-6553

CVSS3: 8.8
debian
около 7 лет назад

The CUPS AppArmor profile incorrectly confined the dnssd backend due t ...

github логотип

GHSA-2f8v-v7q3-8gqv

CVSS3: 8.8
github
больше 3 лет назад

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

EPSS

Процентиль: 21%
0.00067
Низкий

7 High

CVSS3