ID

VAR-201801-0089


CVE

CVE-2014-8166


TITLE

CUPS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-008495

DESCRIPTION

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. CUPS contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems from Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. There is an arbitrary code execution vulnerability in Apple CUPS. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected application or to cause a denial of service. Failed attempts will likely cause a denial-of-service condition.

Trust: 2.43

sources: NVD: CVE-2014-8166 // JVNDB: JVNDB-2014-008495 // CNVD: CNVD-2018-03214 // BID: 73300

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-03214

AFFECTED PRODUCTS

vendor: cups, model: cups, scope: lt, version: 1.6

Trust: 1.0

vendor: apple, model: cups, scope: eq, version: 1.4.2

Trust: 0.9

vendor: cups, model: cups, scope: -, version: -

Trust: 0.8

vendor: cups, model: cups, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2018-03214 // BID: 73300 // JVNDB: JVNDB-2014-008495 // CNNVD: CNNVD-201506-561 // NVD: CVE-2014-8166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8166
value: HIGH

Trust: 1.0

NVD: CVE-2014-8166
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-03214
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-561
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2014-8166
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-03214
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-8166
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2014-8166
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-03214 // JVNDB: JVNDB-2014-008495 // CNNVD: CNNVD-201506-561 // NVD: CVE-2014-8166

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2014-008495 // NVD: CVE-2014-8166

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-561

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 73300 // CNNVD: CNNVD-201506-561

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008495

PATCH

title: Top Page, url: https://www.cups.org/

Trust: 0.8

title: Bug 1084577, url: https://bugzilla.redhat.com/show_bug.cgi?id=1084577

Trust: 0.8

title: Patch for AppleCUPS arbitrary code execution vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/115593

Trust: 0.6

title: Apple CUPS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131526

Trust: 0.6

sources: CNVD: CNVD-2018-03214 // JVNDB: JVNDB-2014-008495 // CNNVD: CNNVD-201506-561

EXTERNAL IDS

db: NVD, id: CVE-2014-8166

Trust: 3.3

db: BID, id: 73300

Trust: 2.5

db: OPENWALL, id: OSS-SECURITY/2015/03/24/2

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2015/03/24/15

Trust: 1.6

db: JVNDB, id: JVNDB-2014-008495

Trust: 0.8

db: CNVD, id: CNVD-2018-03214

Trust: 0.6

db: CNNVD, id: CNNVD-201506-561

Trust: 0.6

sources: CNVD: CNVD-2018-03214 // BID: 73300 // JVNDB: JVNDB-2014-008495 // CNNVD: CNNVD-201506-561 // NVD: CVE-2014-8166

REFERENCES

url: http://www.securityfocus.com/bid/73300

Trust: 2.2

url: https://bugzilla.redhat.com/show_bug.cgi?id=1084577

Trust: 1.9

url: http://www.openwall.com/lists/oss-security/2015/03/24/15

Trust: 1.6

url: http://www.openwall.com/lists/oss-security/2015/03/24/2

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2014-8166

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8166

Trust: 0.8

url: http://www.cups.org/

Trust: 0.3

sources: CNVD: CNVD-2018-03214 // BID: 73300 // JVNDB: JVNDB-2014-008495 // CNNVD: CNNVD-201506-561 // NVD: CVE-2014-8166

CREDITS

Kurt Seifried

Trust: 0.9

sources: BID: 73300 // CNNVD: CNNVD-201506-561

SOURCES

db: CNVD, id: CNVD-2018-03214
db: BID, id: 73300
db: JVNDB, id: JVNDB-2014-008495
db: CNNVD, id: CNNVD-201506-561
db: NVD, id: CVE-2014-8166

LAST UPDATE DATE

2024-11-23T22:52:14.461000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-03214, date: 2018-02-12T00:00:00
db: BID, id: 73300, date: 2015-03-24T00:00:00
db: JVNDB, id: JVNDB-2014-008495, date: 2018-02-21T00:00:00
db: CNNVD, id: CNNVD-201506-561, date: 2020-10-26T00:00:00
db: NVD, id: CVE-2014-8166, date: 2024-11-21T02:18:41.820

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-03214, date: 2018-02-12T00:00:00
db: BID, id: 73300, date: 2015-03-24T00:00:00
db: JVNDB, id: JVNDB-2014-008495, date: 2018-02-21T00:00:00
db: CNNVD, id: CNNVD-201506-561, date: 2015-03-24T00:00:00
db: NVD, id: CVE-2014-8166, date: 2018-01-12T17:29:00.507