Bug 1081557 - (CVE-2017-18190) VUL-0: CVE-2017-18190: cups: The 'localhost.localdomain' whitelist entry in CUPS before 2.2.2 allows remote attackers to access the local cupsd on 127.0.0.1 via DNS rebinding attack.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All SLES 12
Priority: P3 - Medium
Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/200339/
Reported: 2018-02-19 13:16 UTC by Karol Babioch
Modified: 2018-03-06 23:47 UTC (History)

Found By: Security Response Team
Description Karol Babioch 2018-02-19 13:16:14 UTC
CVE-2017-18190

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in
CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by
sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The
localhost.localdomain name is often resolved via a DNS server (neither the OS
nor the web browser is responsible for ensuring that localhost.localdomain is
127.0.0.1).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1546395
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18190
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18190.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41
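
The Host-header check described above, as an added example that is not part of the original report and is not the CUPS source: a loopback-only allowlist, with the `localhost.localdomain` entry behind a flag so the effect of removing it is visible. The function names, the `legacy` flag and the exact list of accepted names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Copy the host part of a Host header value ("name", "name:port",
 * "[v6]" or "[v6]:port") into out. Returns 0 on success, -1 on error. */
static int host_part(const char *header, char *out, size_t outlen)
{
    size_t n;

    if (header[0] == '[') {                 /* bracketed IPv6 literal */
        const char *end = strchr(header, ']');
        if (!end)
            return -1;
        n = (size_t)(end - header) + 1;
    } else {
        n = strcspn(header, ":");           /* stop before any ":port" */
    }
    if (n == 0 || n >= outlen)
        return -1;
    memcpy(out, header, n);
    out[n] = '\0';
    return 0;
}

/* Returns 1 if a request received on a loopback listener carries an
 * acceptable Host value, 0 otherwise. legacy != 0 adds the
 * "localhost.localdomain" entry that the CVE text describes. */
int loopback_host_ok(const char *header, int legacy)
{
    /* Assumed allowlist: "localhost" plus address literals, which need
     * no DNS lookup on the client side. */
    static const char *const fixed[] = { "localhost", "127.0.0.1", "[::1]" };
    char host[256];
    size_t i;

    if (!header || host_part(header, host, sizeof(host)) != 0)
        return 0;
    for (i = 0; i < sizeof(fixed) / sizeof(fixed[0]); i++)
        if (strcasecmp(host, fixed[i]) == 0)
            return 1;
    /* Per the description, this name may be answered by a DNS server, so
     * whoever controls that answer can make a browser send it as Host. */
    if (legacy && strcasecmp(host, "localhost.localdomain") == 0)
        return 1;
    return 0;
}
```

With `legacy` set to 0 the check accepts only `localhost` and the address literals, so a request whose Host value was chosen by an outside party's DNS answer is rejected before any IPP processing.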
Comment 1 Karol Babioch 2018-02-19 13:17:14 UTC
Affected:

- SUSE:SLE-12:Update

Not affected:

- SUSE:SLE-10-SP3:Update
- SUSE:SLE-11:Update

Upstream fix: https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41
Comment 2 Karol Babioch 2018-02-19 13:25:31 UTC
https://build.suse.de/request/show/155229
Comment 3 Johannes Meixner 2018-02-20 08:57:26 UTC
Mainly for the sake of completeness:
I checked /etc/hosts on my SLE12 (and also SLE11) system and
there we do not have an entry for 'localhost.localdomain'
(we only have entries for 'localhost') so that on SLE
'localhost.localdomain' is resolved via a DNS server.
Comment 4 Swamp Workflow Management 2018-03-05 14:12:08 UTC
SUSE-SU-2018:0604-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1081557
CVE References: CVE-2017-18190
Sources used:
SUSE OpenStack Cloud 6 (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Server 12-SP2 (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Server 12-LTSS (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    cups-1.7.5-20.3.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    cups-1.7.5-20.3.1
Comment 5 Andreas Stieger 2018-03-06 19:21:23 UTC
showing as done here
Comment 6 Swamp Workflow Management 2018-03-06 23:11:40 UTC
openSUSE-SU-2018:0618-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1081557
CVE References: CVE-2017-18190
Sources used:
openSUSE Leap 42.3 (src):    cups-1.7.5-12.3.1