Описание
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
A flaw was found in cups. A user in group defined by SystemGroup directive in /etc/cups/cups-files.conf can use the cups web ui to change the config
and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write.
Отчет
The highest threat of this flaw is to system availability. A local attacker with high privileges, specifically a user belonging to the SystemGroup as defined in /etc/cups/cups-files.conf, could exploit the CUPS web interface to introduce a malicious configuration line into cupsd.conf, leading to a denial of service.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | cups | Will not fix | ||
| Red Hat Enterprise Linux 7 | cups | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Will not fix | ||
| Red Hat Enterprise Linux 10 | cups | Fixed | RHSA-2026:0464 | 12.01.2026 |
| Red Hat Enterprise Linux 8 | cups | Fixed | RHSA-2026:0596 | 14.01.2026 |
| Red Hat Enterprise Linux 8 | cups | Fixed | RHSA-2026:0596 | 14.01.2026 |
| Red Hat Enterprise Linux 9 | cups | Fixed | RHSA-2026:0312 | 08.01.2026 |
| Red Hat Enterprise Linux 9 | cups | Fixed | RHSA-2026:0312 | 08.01.2026 |
Показывать по
Дополнительная информация
Статус:
EPSS
6 Medium
CVSS3
Связанные уязвимости
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
OpenPrinting CUPS vulnerable to stack based out-of-bound write
OpenPrinting CUPS is an open source printing system for Linux and othe ...
EPSS
6 Medium
CVSS3