CVE-2012-6094 : cups (Common Unix Printing System) 'Listen localhost:631' option not honored cor

cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system

Published 2019-12-20 15:15:11

Updated 2020-11-16 20:46:04

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Bypass

Products affected by CVE-2012-6094

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Apple » Cups
Versions before (<) 1.5.4-1.1
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.68%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by: nvd@nist.gov (Primary)

https://exchange.xforce.ibmcloud.com/vulnerabilities/82451

Common Unix Printing System Listen unauthorized access CVE-2012-6094 Vulnerability Report
Third Party Advisory;VDB Entry
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6094

Bug 795624 – CVE-2012-6094: systemd socket activation sometimes breaks cups printing
Issue Tracking;Third Party Advisory
https://access.redhat.com/security/cve/cve-2012-6094

Red Hat Customer Portal
Third Party Advisory
http://www.securityfocus.com/bid/57158

CUPS 'Listen localhost:631' Option Unauthorized Access Vulnerability
Third Party Advisory;VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6094

891942 – (CVE-2012-6094) CVE-2012-6094 cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation
Issue Tracking;Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/01/04/5

oss-security - Re: CVE Request - cups: 'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation
Mailing List;Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2012-6094

CVE-2012-6094
Third Party Advisory

Jump to