Published: 10/08/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions before 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, before 2.2.4-7ubuntu3.1 in Ubuntu 17.10, before 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and before 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cups cups -
canonical ubuntu linux 17.10
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
debian debian linux 9.0
canonical ubuntu linux 18.04
debian debian linux 8.0

Debian Bug report logs - #903605 cups: CVE-2018-6553 Package: src:cups; Maintainer for src:cups is Debian Printing Team <debian-printing@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 11 Jul 2018 19:15:02 UTC Severity: serious Tags: patch, security Found in version cups/221-8 F ...

Several security issues were fixed in CUPS ...

Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System These issues have been identified with the following CVE ids: CVE-2017-15400 Rory McNamara discovered that an attacker is able to execute arbitrary commands (with the privilege of the CUPS daemon) by setting a malicious IPP server with a crafted PPD file ...

NVD-CWE-noinfo https://usn.ubuntu.com/usn/usn-3713-1 https://www.debian.org/security/2018/dsa-4243 https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903605 https://usn.ubuntu.com/3713-1/https://nvd.nist.gov

CVE-2018-6553

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect