The remote host is running a CUPS server whose version number is between 1.0.4 and 1.1.22 inclusive. Such versions are prone to multiple vulnerabilities : - The is_path_absolute function in scheduler/client.c for the daemon in CUPS allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a '..\..' URL in an HTTP request. - A remotely exploitable buffer overflow in the 'hpgltops' filter that enable specially crafted HPGL files can execute arbitrary commands as the CUPS 'lp' account. - A local user may be able to prevent anyone from changing his or her password until a temporary copy of the new password file is cleaned up ('lppasswd' flaw). - A local user may be able to add arbitrary content to the password file by closing the stderr file descriptor while running lppasswd (lppasswd flaw). - A local attacker may be able to truncate the CUPS password file, thereby denying service to valid clients using digest authentication. (lppasswd flaw). - The application applys ACLs to incoming print jobs in a case-sensitive fashion. Thus, an attacker can bypass restrictions by changing the case in printer names when submitting jobs. [Fixed in 1.1.21.] ***** OVS has determined the vulnerability exists simply ***** by looking at the version number of CUPS installed on ***** the remote host.

Upgrade to CUPS 1.1.23 or later.

• http://www.cups.org/str.php?L700
• http://www.cups.org/str.php?L1023
• http://www.cups.org/str.php?L1024
• http://www.cups.org/str.php?L1042

---

Updated on 2015-03-25