Bug 473915 (CVE-2008-5184)

Summary: CVE-2008-5184 cups: improper use of the 'guest' username in the web UI, when user not logged on to the server
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: twaugh
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-03-29 08:44:13 UTC
Bug Depends On: 473909

Description Jan Lieskovsky 2008-12-01 13:13:04 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5184 to
the following vulnerability:

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the
guest username when a user is not logged on to the web server, which
makes it easier for remote attackers to bypass intended policy and
conduct CSRF attacks via the (1) add and (2) cancel RSS subscription
functions.

References: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5184
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
http://www.openwall.com/lists/oss-security/2008/11/19/3

Patch: 
http://www.cups.org/str.php?L2774
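
The flaw described above is a fallback to a default identity: when no user is logged on, the handler still acts as "guest", so a state-changing action (add or cancel an RSS subscription) can be triggered cross-site without any credential. The following C snippet is an added illustration, not CUPS source and not the patch referenced above. It puts the weak fallback next to a hardened check that refuses state-changing requests unless the method is POST, an authenticated principal is present, and a per-session anti-CSRF token matches. All names (`web_request`, `weak_resolve_user`, `authorize_state_change`, the token handling) are hypothetical.

```c
/*
 * Added illustration (not CUPS code): "default to guest" identity fallback
 * versus a handler that refuses unauthenticated state changes and checks an
 * anti-CSRF token. All identifiers are hypothetical.
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

typedef enum {
    AUTHZ_ALLOW = 0,
    AUTHZ_REJECT_BAD_METHOD,
    AUTHZ_REJECT_UNAUTHENTICATED,
    AUTHZ_REJECT_BAD_TOKEN
} authz_result;

/* Hypothetical view of a request as a CGI handler would see it. */
typedef struct {
    const char *method;       /* REQUEST_METHOD */
    const char *remote_user;  /* REMOTE_USER; NULL when nobody is logged on */
    const char *form_token;   /* anti-CSRF token from the form body; may be NULL */
} web_request;

/* The weak pattern the CVE text describes: substitute a default identity
 * when the caller has not authenticated, so the action still proceeds. */
const char *weak_resolve_user(const char *remote_user)
{
    return (remote_user && *remote_user) ? remote_user : "guest";
}

/* Constant-time string equality; length mismatch is reported early because
 * token length is not secret. */
static int ct_str_eq(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    if (la != lb)
        return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < la; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hardened check for any state-changing operation (add/cancel subscription):
 * require POST, a real authenticated user, and a token bound to that session.
 * session_token is the value the server issued for this session (hypothetical). */
authz_result authorize_state_change(const web_request *req, const char *session_token)
{
    if (!req->method || strcmp(req->method, "POST") != 0)
        return AUTHZ_REJECT_BAD_METHOD;       /* no side effects on GET */
    if (!req->remote_user || !*req->remote_user)
        return AUTHZ_REJECT_UNAUTHENTICATED;  /* never fall back to "guest" */
    if (!req->form_token || !session_token || !ct_str_eq(req->form_token, session_token))
        return AUTHZ_REJECT_BAD_TOKEN;        /* cross-site form lacks the token */
    return AUTHZ_ALLOW;
}

int main(void)
{
    /* Constructed sample: an anonymous cross-site POST to cancel a subscription. */
    web_request anon = { "POST", NULL, NULL };
    printf("weak handler acts as: %s\n", weak_resolve_user(anon.remote_user));
    printf("hardened handler result: %d (0 = allow)\n",
           authorize_state_change(&anon, "s3ss10n-t0k3n"));
    return 0;
}
```

The weak resolver lets the anonymous request run as "guest"; the hardened check rejects it before any identity is considered, and a logged-on user's request still fails unless the form carried the session's token.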

Comment 1 Tomas Hoger 2010-03-29 08:44:13 UTC
This issue did not affect cups versions as shipped with Red Hat Enterprise Linux 3 and 4. It did not affect the 1.2.x version of cups shipped with Red Hat Enterprise Linux. Those versions do not support RSS subscriptions.

cups was updated to version 1.3.7 in Red Hat Enterprise Linux 5.3.  Packages released in RHEL 5.3 include a patch for this issue and are not affected by this flaw.

https://www.redhat.com/security/data/cve/CVE-2008-5184.html