CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
BID:68788
Info
CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
| Bugtraq ID: | 68788 |
| Class: | Design Error |
| CVE: |
CVE-2014-3537 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 19 2014 12:00AM |
| Updated: | Apr 13 2015 10:13PM |
| Credit: | Francisco Alonso of Red Hat Security Response Team. |
| Vulnerable: |
Ubuntu Ubuntu Linux 14.04 LTS Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Mandriva Business Server 1 X86 64 Mandriva Business Server 1 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Canonical Ubuntu Linux 14.04 LTS Canonical Ubuntu Linux 12.04 - Lts Canonical Ubuntu Linux 10.04 - Lts Apple Mac OS X 10.9.5 Apple Mac OS X 10.9.1 Apple Mac OS X 10.8.5 Apple Mac OS X 10.8.4 Apple Mac OS X 10.8.2 Apple Mac OS X 10.8.1 Apple Mac OS X 10.8 Apple Mac OS X 10.7.5 Apple Mac OS X 10.7 Apple Mac OS X 10.6.6 Apple Mac OS X 10.6.5 Apple Mac OS X 10.6.4 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.9.4 Apple Mac OS X 10.9.3 Apple Mac OS X 10.9.2 Apple Mac OS X 10.9 Apple Mac OS X 10.8.5 Supplemental Apple Mac OS X 10.8.3 Apple Mac OS X 10.8 Apple Mac OS X 10.7.4 Apple Mac OS X 10.7.3 Apple Mac OS X 10.7.2 Apple Mac OS X 10.7.1 Apple Mac OS X 10.7 Apple Mac OS X 10.6.8 Apple Mac OS X 10.6.7 Apple Mac OS X 10.6 Update 17 Apple Mac OS X 10.6 Update 14 Apple Mac OS X 10.6 Update 12 Apple Mac OS X 10.6 Apple Mac OS X 10.5 Apple CUPS 1.7.3 Apple CUPS 1.3.11 Apple CUPS 1.3.7 Apple CUPS 1.3.5 Apple CUPS 1.1.23 rc1 Apple CUPS 1.1.23 Apple CUPS 1.1.22 rc1 Apple CUPS 1.1.22 Apple CUPS 1.1.21 Apple CUPS 1.1.20 Apple CUPS 1.1.19 rc5 Apple CUPS 1.1.18 Apple CUPS 1.1.17 Apple CUPS 1.7.2 Apple CUPS 1.7.1 B1 Apple CUPS 1.7.1 Apple CUPS 1.7.0 Apple CUPS 1.7 Rc1 Apple CUPS 1.6.4 Apple CUPS 1.6.3 Apple CUPS 1.6.2 Apple CUPS 1.6.1 Apple CUPS 1.6 RC1 Apple CUPS 1.6 B1 Apple CUPS 1.5.4 Apple CUPS 1.5.3 Apple CUPS 1.5.2 Apple CUPS 1.5.1 Apple CUPS 1.5.0 Apple CUPS 1.5 Rc1 Apple CUPS 1.5 B2 Apple CUPS 1.5 B1 Apple CUPS 1.4.8 Apple CUPS 1.4.7 Apple CUPS 1.4.6 Apple CUPS 1.4.5 Apple CUPS 1.4.4 Apple CUPS 1.4.3 Apple CUPS 1.4.2 Apple CUPS 1.4.1 Apple CUPS 1.4.0 Apple CUPS 1.4 Rc1 Apple CUPS 1.4 B3 Apple CUPS 1.4 B2 Apple CUPS 1.4 B1 Apple CUPS 1.3.9 Apple CUPS 1.3.8 Apple CUPS 1.3.7-18 Apple CUPS 1.3.6 Apple CUPS 1.3.4 Apple CUPS 1.3.3 Apple CUPS 1.3.2 Apple CUPS 1.3.10 Apple CUPS 1.3.1 Apple CUPS 1.3.0 Apple CUPS 1.3 RC2 Apple CUPS 1.3 RC1 Apple CUPS 1.3 B1 Apple CUPS 1.2.9 Apple CUPS 1.2.8 Apple CUPS 1.2.7 Apple CUPS 1.2.6 Apple CUPS 1.2.5 Apple CUPS 1.2.4 Apple CUPS 1.2.3 Apple CUPS 1.2.2 Apple CUPS 1.2.12 Apple CUPS 1.2.11 Apple CUPS 1.2.10 Apple CUPS 1.2.1 Apple CUPS 1.2.0 Apple CUPS 1.2 RC3 Apple CUPS 1.2 RC2 Apple CUPS 1.2 RC1 Apple CUPS 1.2 B2 Apple CUPS 1.2 B1 Apple CUPS 1.1.9-1 Apple CUPS 1.1.9 Apple CUPS 1.1.8 Apple CUPS 1.1.7 Apple CUPS 1.1.6-3 Apple CUPS 1.1.6-2 Apple CUPS 1.1.6-1 Apple CUPS 1.1.6 Apple CUPS 1.1.5-2 Apple CUPS 1.1.5-1 Apple CUPS 1.1.5 Apple CUPS 1.1.4 Apple CUPS 1.1.3 Apple CUPS 1.1.22 Rc2 Apple CUPS 1.1.21 Rc2 Apple CUPS 1.1.21 Rc1 Apple CUPS 1.1.20 Rc6 Apple CUPS 1.1.20 Rc5 Apple CUPS 1.1.20 Rc4 Apple CUPS 1.1.20 Rc3 Apple CUPS 1.1.20 Rc2 Apple CUPS 1.1.20 Rc1 Apple CUPS 1.1.2 Apple CUPS 1.1.19 Rc4 Apple CUPS 1.1.19 Rc3 Apple CUPS 1.1.19 Rc2 Apple CUPS 1.1.19 Rc1 Apple CUPS 1.1.19 Apple CUPS 1.1.16 Apple CUPS 1.1.15 Apple CUPS 1.1.14 Apple CUPS 1.1.13 Apple CUPS 1.1.12 Apple CUPS 1.1.11 Apple CUPS 1.1.10-1 Apple CUPS 1.1.10 Apple CUPS 1.1.1 |
| Not Vulnerable: |
Apple Mac OS X 10.10 Apple CUPS 1.7.4 |
Discussion
CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
CUPS is prone to a local privilege-escalation vulnerability.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible.
An attacker with local access could potentially exploit this issue to gain elevated privileges.
Versions prior to CUPS 1.7.4 are vulnerable.
CUPS is prone to a local privilege-escalation vulnerability.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible.
An attacker with local access could potentially exploit this issue to gain elevated privileges.
Versions prior to CUPS 1.7.4 are vulnerable.
Exploit / POC
CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
References:
References:
- APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 (Apple)
- CUPS Home Page (Apple)
- CVE-2014-3537: Insufficient checking leads to privilege escalation (Francisco Alonso)