CUPS Filter Bash Environment Variable Code Injection - exploit.company

vendor:

CUPS

by:

Stephane Chazelas, lcamtuf, Brendan Coles

9,8

CVSS

CRITICAL

Code Injection

78

CWE

Product Name: CUPS

Affected Version From: 1.4.3

Affected Version To: 1.7.2

Patch Exists: YES

Related CWE: CVE-2014-6271, CVE-2014-6278

CPE: a:apple:cups

Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-vid-81e2b308-4a6c-11e4-b711-6805ca0b3d42/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-ELSA-2014-3094/, https://www.rapid7.com/db/vulnerabilities/gnu-bash-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/pulse-secure-pulse-connect-secure-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-2380-1/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-ELSA-2014-3093/, https://www.rapid7.com/db/vulnerabilities/cisco-xe-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-ELSA-2014-3092/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-512d1301-49b9-11e4-ae2c-c80aa9043978/, https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2014-6277/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2014-1354/, https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/cisco-xe-cve-2014-6277/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2014-6277/, https://www.rapid7.com/db/vulnerabilities/pulse-secure-pulse-connect-secure-cve-2014-6277/, https://www.rapid7.com/db/vulnerabilities/hpsim-cve-2014-6277/, https://www.rapid7.com/db/vulnerabilities/apple-osx-bash-cve-2014-6277/, https://www.rapid7.com/db/?q=CVE-2014-6271&type=&page=2, https://www.rapid7.com/db/?q=CVE-2014-6271&type=&page=3, https://www.rapid7.com/db/?q=CVE-2014-6271&type=&page=4, https://www.rapid7.com/db/?q=CVE-2014-6271&type=&page=2, https://www.rapid7.com/db/vulnerabilities/cisco-xe-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/pulse-secure-pulse-connect-secure-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/gnu-bash-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2014-6278/, https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2014-6278/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu 10.04, Debian 7, Fedora 19, Ubuntu 14.04

2014

CUPS Filter Bash Environment Variable Code Injection

This module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.

Mitigation:

Ensure that CUPS is updated to the latest version and that all environment variables are properly sanitized.

Source

Exploit-DB raw data: