CVE-2018-6553: Privilege Context Switching Error in CUPS

Severity: 8.8 HIGH (NVD); 5.3 (OSV)
EPSS: 0.1% (top 64.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 10; Latest update May 13

Description

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages (3 packages)

debian: debian/cups < cups 2.2.8-5 (bookworm)
Debian: apple/cups < 2.2.8-5+3
Ubuntu: apple/cups < 1.7.2-0ubuntu1.10+2

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Debian Linux 8.0, 9.0

🔴 Vulnerability Details (3)

GHSA: GHSA-2f8v-v7q3-8gqv: The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links (2022-05-13)
OSV: CVE-2018-6553: The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links (2018-08-10)
OSV: cups vulnerabilities (2018-07-11)

📋 Vendor Advisories (3)

Ubuntu: CUPS vulnerabilities (2018-07-11)
Red Hat: cups: AppArmor cupsd Sandbox Bypass Due to Use of Hard Links (2018-05-09)
Debian: CVE-2018-6553: cups - The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of h... (2018)

💬 Community (1)

Bugzilla: CVE-2018-6553 cups: AppArmor cupsd Sandbox Bypass Due to Use of Hard Links (2018-07-23)