Vulnerability Details : CVE-2015-1158
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
Products affected by CVE-2015-1158
- cpe:2.3:a:cups:cups:*:*:*:*:*:*:*:*
Threat overview for CVE-2015-1158
Top open port discovered on systems with this issue: 631
IPs affected by CVE-2015-1158: 71,704
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-1158
91.78% (probability of exploitation activity in the next 30 days)
~99% (percentile, the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-1158
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2015-1158
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1158
- https://www.exploit-db.com/exploits/37336/
  CUPS < 2.0.3 - Multiple Vulnerabilities
- http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html
  Project Zero: Owning Internet Printing - A Case Study in Modern Software Exploitation
- http://www.securitytracker.com/id/1032556
  CUPS Bugs Let Remote Users Gain Elevated Privileges and Conduct Cross-Site Scripting Attacks - SecurityTracker
- http://www.kb.cert.org/vuls/id/810572
  VU#810572 - CUPS print service is vulnerable to privilege escalation and cross-site scripting (Third Party Advisory; US Government Resource)
- http://www.cups.org/blog.php?L1082
  CUPS 2.0.3 - CUPS.org (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
  [security-announce] SUSE-SU-2015:1041-1: critical: Security update for c
- http://www.debian.org/security/2015/dsa-3283
  Debian -- Security Information -- DSA-3283-1 cups
- https://www.cups.org/str.php?L4609
  CERT VU#810572: Privilege escalation through dynamic linker and isolated vulnerabilities · Issue #4609 · apple/cups · GitHub (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2629-1
  USN-2629-1: CUPS vulnerabilities | Ubuntu security notices
- https://bugzilla.opensuse.org/show_bug.cgi?id=924208
  Bug 924208 – VUL-0: CVE-2015-1158 CVE-2015-1159: cups: privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on server (plus weird ld.so interaction)
- https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py
  oldays/CVE-2015-1158.py at master · 0x00string/oldays · GitHub
- https://bugzilla.redhat.com/show_bug.cgi?id=1221641
  1221641 – (CVE-2015-1158) CVE-2015-1158 cups: incorrect string reference counting (VU#810572)
- https://www.exploit-db.com/exploits/41233/
  CUPS < 2.0.3 - Remote Command Execution
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
  [security-announce] SUSE-SU-2015:1044-1: critical: Security update for c
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702
  Juniper Networks - 2015-10 Security Bulletin: QFabric 3100 Director: CUPS printing system Improper Update of Reference Count leads to remote chained vulnerability attack via XSS against authenticated
- https://code.google.com/p/google-security-research/issues/detail?id=455
  455 - Placeholder: PoC for cupsd exploit of string reference count over decrement - project-zero - Monorail
- http://rhn.redhat.com/errata/RHSA-2015-1123.html
  RHSA-2015:1123 - Security Advisory - Red Hat Customer Portal
- https://security.gentoo.org/glsa/201510-07
  CUPS: Multiple vulnerabilities (GLSA 201510-07) — Gentoo security
- http://www.securityfocus.com/bid/75098
  CUPS CVE-2015-1158 Remote Privilege Escalation Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
  [security-announce] openSUSE-SU-2015:1056-1: critical: Security update f