CVE-2018-6553

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
cupscups
-
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cups
bullseye
2.3.3op2-3+deb11u8
fixed
bullseye (security)
2.3.3op2-3+deb11u9
fixed
bookworm
2.4.2-3+deb12u7
fixed
bookworm (security)
2.4.2-3+deb12u8
fixed
sid
2.4.10-2
fixed
trixie
2.4.10-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cups
bionic
Fixed 2.2.7-1ubuntu2.1
released
artful
Fixed 2.2.4-7ubuntu3.1
released
xenial
Fixed 2.1.3-4ubuntu0.5
released
trusty
Fixed 1.7.2-0ubuntu1.10
released
References
https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html
https://security.gentoo.org/glsa/201908-08
https://usn.ubuntu.com/usn/usn-3713-1
https://www.debian.org/security/2018/dsa-4243
https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html
https://security.gentoo.org/glsa/201908-08
https://usn.ubuntu.com/usn/usn-3713-1
https://www.debian.org/security/2018/dsa-4243