Bug 2084321 (CVE-2022-26691) - CVE-2022-26691 cups: authorization bypass when using "local" authorization
Summary: CVE-2022-26691 cups: authorization bypass when using "local" authorization
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-26691
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2084406 2084408 2084402 2084403 2084404 2084405 2084407 2090715 2090716
Blocks: 2084328
TreeView+ depends on / blocked
 
Reported: 2022-05-11 21:01 UTC by Anten Skrabec
Modified: 2022-07-26 13:49 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution.
Clone Of:
Environment:
Last Closed: 2022-06-16 01:55:05 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:5087 0 None None None 2022-06-16 11:21:26 UTC
Red Hat Product Errata RHBA-2022:5089 0 None None None 2022-06-16 11:24:08 UTC
Red Hat Product Errata RHBA-2022:5106 0 None None None 2022-06-16 21:22:27 UTC
Red Hat Product Errata RHBA-2022:5126 0 None None None 2022-06-20 13:31:01 UTC
Red Hat Product Errata RHBA-2022:5138 0 None None None 2022-06-21 11:44:31 UTC
Red Hat Product Errata RHBA-2022:5164 0 None None None 2022-06-22 11:37:12 UTC
Red Hat Product Errata RHBA-2022:5165 0 None None None 2022-06-23 10:54:21 UTC
Red Hat Product Errata RHBA-2022:5191 0 None None None 2022-06-23 15:16:04 UTC
Red Hat Product Errata RHBA-2022:5412 0 None None None 2022-06-28 17:33:04 UTC
Red Hat Product Errata RHBA-2022:5591 0 None None None 2022-07-14 14:50:31 UTC
Red Hat Product Errata RHBA-2022:5711 0 None None None 2022-07-26 11:44:36 UTC
Red Hat Product Errata RHBA-2022:5713 0 None None None 2022-07-26 13:49:12 UTC
Red Hat Product Errata RHSA-2022:4990 0 None None None 2022-06-15 22:12:44 UTC
Red Hat Product Errata RHSA-2022:5054 0 None None None 2022-06-15 12:50:57 UTC
Red Hat Product Errata RHSA-2022:5055 0 None None None 2022-06-15 13:33:10 UTC
Red Hat Product Errata RHSA-2022:5056 0 None None None 2022-06-15 15:05:40 UTC
Red Hat Product Errata RHSA-2022:5057 0 None None None 2022-06-15 14:12:34 UTC

Description Anten Skrabec 2022-05-11 21:01:31 UTC
CUPS requires users to demonstrate root/admin level access to perform various printer management related functions. Authentication to CUPS is completed by a web interface or over a dedicated file socket. Traditionally, users authenticate via traditional HTTP “Basic” web authorization. However, CUPS also allows authentication via a 32 byte randomly generated hex string. This method of authorization, called “Local” authorization by CUPS, has a bug that allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key. Root/admin access to CUPS yields arbitrary code execution as root with further effort. This affects CUPS 2.x

Comment 17 Avinash Hanwate 2022-05-26 12:23:58 UTC
Lifting embargo.

Comment 18 Avinash Hanwate 2022-05-26 12:24:32 UTC
Created cups tracking bugs for this issue:

Affects: fedora-34 [bug 2090715]
Affects: fedora-35 [bug 2090716]

Comment 21 errata-xmlrpc 2022-06-15 12:50:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:5054 https://access.redhat.com/errata/RHSA-2022:5054

Comment 22 errata-xmlrpc 2022-06-15 13:33:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5055 https://access.redhat.com/errata/RHSA-2022:5055

Comment 23 errata-xmlrpc 2022-06-15 14:12:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5057 https://access.redhat.com/errata/RHSA-2022:5057

Comment 24 errata-xmlrpc 2022-06-15 15:05:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5056 https://access.redhat.com/errata/RHSA-2022:5056

Comment 25 errata-xmlrpc 2022-06-15 22:12:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4990 https://access.redhat.com/errata/RHSA-2022:4990

Comment 26 Product Security DevOps Team 2022-06-16 01:55:03 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-26691


Note You need to log in before you can comment on or make changes to this bug.