A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
References
Link | Resource |
---|---|
https://bugs.chromium.org/p/project-zero/issues/detail?id=1048 | Exploit Issue Tracking Third Party Advisory |
https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3577-1/ | Third Party Advisory |
https://bugs.chromium.org/p/project-zero/issues/detail?id=1048 | Exploit Issue Tracking Third Party Advisory |
https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3577-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 03:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.chromium.org/p/project-zero/issues/detail?id=1048 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 - Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html - Mailing List, Third Party Advisory | |
References | () https://usn.ubuntu.com/3577-1/ - Third Party Advisory |
Information
Published : 2018-02-16 17:29
Updated : 2024-11-21 03:19
NVD link : CVE-2017-18190
Mitre link : CVE-2017-18190
CVE.ORG link : CVE-2017-18190
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
apple
- cups
CWE
CWE-290
Authentication Bypass by Spoofing