OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.
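The flaw described above depends on a line break surviving inside a text value that is later written to, and reparsed from, a line-oriented record. As an added defensive example (not CUPS code and not a patch from the project), the C below rejects control bytes in a text value before it is serialized and flags stored option strings whose later lines begin with `PPD:`. The function names and sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not a CUPS function): true when a text attribute
 * value is safe to copy into a line-oriented option record, i.e. it holds
 * no C0 control bytes (CR and LF included) and no DEL. */
bool value_is_single_line(const char *value, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (c < 0x20 || c == 0x7f)
            return false;
    }
    return true;
}

/* Hypothetical audit helper: true when any line after the first in a stored
 * option string starts with the "PPD:" prefix named in the advisory. */
bool has_embedded_ppd_line(const char *options)
{
    const char *p = options;
    while ((p = strpbrk(p, "\r\n")) != NULL) {
        p += strspn(p, "\r\n");          /* skip the line break(s) */
        if (strncmp(p, "PPD:", 4) == 0)
            return true;
    }
    return false;
}

/* Constructed sample values, not captured traffic. */
static const char benign_value[]  = "double-thick";
static const char suspect_value[] = "single\nPPD: placeholder";

int main(void)
{
    bool ok = value_is_single_line(benign_value, sizeof benign_value - 1)
           && !value_is_single_line(suspect_value, sizeof suspect_value - 1)
           && has_embedded_ppd_line(suspect_value)
           && !has_embedded_ppd_line(benign_value);
    return ok ? 0 : 1;
}
```

Escaping quotes and backslashes does not help here because the record boundary is the line break itself, so the check has to reject the value rather than escape it.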
Exploitability
AV:A AC:L AT:P PR:N UI:N
Vulnerable System
VC:H VI:L VA:L
Subsequent System
SC:N SI:N SA:N
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N