Skip to main content

Ubuntu CVE-2018-6553

HIGH
2018-08-10 security@ubuntu.com
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 10, 2018 - 15:29 nvd
HIGH 8.8

DescriptionNVD

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

AnalysisAI

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. Affected products include: Cups, Canonical Ubuntu Linux, Debian Debian Linux. Version information: prior to 2.2.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Cups

View all
CVE-2015-1158 CRITICAL POC
10.0 Jun 26

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-va

CVE-2015-1159 MEDIUM POC
4.3 Jun 26

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS b

CVE-2012-5519 HIGH POC
7.2 Nov 20

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator

CVE-2023-34241 HIGH POC
7.1 Jun 22

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Rat

CVE-2023-4504 HIGH POC
7.0 Sep 21

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are sus

CVE-2025-58364 MEDIUM POC
6.5 Sep 11

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severi

CVE-2025-61915 MEDIUM POC
6.0 Nov 29

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severi

CVE-2023-32324 MEDIUM POC
5.5 Jun 01

OpenPrinting CUPS is an open source printing system. Rated medium severity (CVSS 5.5), this vulnerability is no authenti

CVE-2025-58436 MEDIUM POC
5.1 Nov 29

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severi

CVE-2014-9679 MEDIUM
6.8 Feb 19

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers t

CVE-2022-26691 MEDIUM
6.7 May 26

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.7), this vulnerability is low

CVE-2014-5031 MEDIUM
5.0 Jul 29

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote atta

Share

CVE-2018-6553 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy