Vigil@nce: CUPS, Cross Site Scripting via kerberos
November 2009 by Vigil@nce
An attacker can use the kerberos parameter to trigger a
Cross Site Scripting in the CUPS administration web site.
– Severity: 2/4
– Consequences: client access/rights
– Provenance: document
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 10/11/2009
IMPACTED PRODUCTS
– Debian Linux
– OpenSolaris
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The CUPS (Common UNIX Printing System) product provides printer
management under Unix. It can be reached via a web site listening
on port 631/tcp.
A URL can contain the same parameter twice. For example:
http://server/page?parameter=value1&parameter=value2
However, the "admin" page of the CUPS web site does not correctly
handle the case where the "kerberos" parameter is used twice. An
attacker can therefore generate a Cross Site Scripting.
An attacker can thus use the kerberos parameter to trigger a
Cross Site Scripting in the CUPS administration web site.
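Requests that repeat a parameter, as described above, can be looked for in the web server's access log. The following Python code is an added example, not part of the original bulletin or of CUPS. It assumes Common Log Format lines and an "/admin" path prefix, compares parameter names case-insensitively as a conservative choice, and runs on constructed sample lines. It only sees parameters carried in the request line.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Request field of a Common Log Format line: "METHOD resource VERSION"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<resource>\S+) HTTP/[\d.]+"')

def duplicated_params(resource):
    """Return the sorted names of query parameters that occur more than once."""
    query = urlsplit(resource).query
    # parse_qsl percent-decodes names, so "kerbero%73" counts as "kerberos".
    names = [name.lower() for name, _ in parse_qsl(query, keep_blank_values=True)]
    return sorted(n for n, c in Counter(names).items() if c > 1)

def scan(lines, path_prefix="/admin"):
    """Yield (line_number, resource, duplicated_names) for flagged requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        resource = match.group("resource")
        if not urlsplit(resource).path.startswith(path_prefix):
            continue  # outside the administration pages
        dupes = duplicated_params(resource)
        if dupes:
            yield number, resource, dupes

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2009:10:00:01 +0100] "GET /admin?kerberos=a HTTP/1.1" 200 4211 - -',
    '192.0.2.44 - - [10/Nov/2009:10:00:07 +0100] "GET /admin?kerberos=a&kerberos=b HTTP/1.1" 200 4350 - -',
    '192.0.2.44 - - [10/Nov/2009:10:00:09 +0100] "GET /admin?kerberos=a&x=1&kerbero%73= HTTP/1.1" 200 4350 - -',
    '192.0.2.10 - - [10/Nov/2009:10:00:12 +0100] "GET /printers/?x=1&x=2 HTTP/1.1" 200 900 - -',
]

if __name__ == "__main__":
    for number, resource, dupes in scan(SAMPLE_LOG):
        print(f"line {number}: repeated {', '.join(dupes)} in {resource}")
```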
CHARACTERISTICS
– Identifiers: 271169, 6893187, BID-36958, CVE-2009-2820, DSA
1933-1, STR #3367, VIGILANCE-VUL-9182
– Url: http://vigilance.fr/vulnerability/CUPS-Cross-Site-Scripting-via-kerberos-9182