Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1269Software Products Cups vulnerability

9 documents9 sources
Severity
5.0MEDIUMNVD
EPSS
8.6%
top 7.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Apple CupsEasy Software Products CupsRedhat Fedora Core
Timeline
PublishedJan 10
Latest updateApr 29

Description

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Debianapple/cups< 1.1.22-2+3
NVDeasy_software_products/cups22 versions+21
NVDredhat/fedora_corecore_2.0, core_3.0+1

🔴Vulnerability Details

3
GHSA
GHSA-v5xh-vw4x-23mx: lppasswd in CUPS 12022-04-29
OSV
CVE-2004-1269: lppasswd in CUPS 12005-01-10
CVEList
CVE-2004-1269: lppasswd in CUPS 12004-12-22

💥Exploits & PoCs

1
Exploit-DB
Easy Software Products LPPassWd 1.1.22 - Resource Limit Denial of Service2004-12-11

📋Vendor Advisories

3
Ubuntu
CUPS vulnerabilities2004-12-23
Red Hat
security flaw2004-12-15
Debian
CVE-2004-1269: cups - lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a f...2004

💬Community

1
Bugzilla
CVE-2004-1269 security flaw2018-08-16
CVE-2004-1269 — Software Products Cups vulnerability | cvebase