CVE-2017-18190
HIGHCUPS < 2.2.2 - Remote IPP Command Execution via DNS Rebinding
Title source: llmDescription
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3577-1/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
Scores
CVSS v3
7.5
EPSS
0.0303
EPSS Percentile
85.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-290
Status
published
Products (5)
apple/cups
< 2.2.2
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
debian/debian_linux
7.0
debian/debian_linux
8.0
Published
Feb 16, 2018
Tracked Since
Feb 18, 2026