CVE-2017-18190

CWE-290 CWE-284 — Improper Access Control9 documents8 sources

Severity

7.5HIGH

EPSS

0.7%

top 28.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Canonical Ubuntu Linux Debian Debian Linux

Timeline

PublishedFeb 16

Latest updateMay 13

Description

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDapple/cups< 2.2.2

▶Debiancups< 2.2.3-2+3

▶Ubuntucups< 1.7.2-0ubuntu1.9+1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 14.04, 16.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-vfqc-qhm9-65mm: A localhost↗2022-05-13

▶

OSV

cups vulnerability↗2018-02-21

▶

OSV

CVE-2017-18190: A localhost↗2018-02-16

▶

CVEList

CVE-2017-18190: A localhost↗2018-02-16

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerability↗2018-02-21

▶

Red Hat

cups: DNS rebinding attacks via incorrect whitelist↗2018-02-16

▶

Debian

CVE-2017-18190: cups - A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in...↗2017

▶

💬Community

Bugzilla

CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist↗2018-02-16

▶