CVE-2004-1270 — Software Products Cups vulnerability

8 documents8 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 71.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Easy Software Products Cups Redhat Fedora Core

Timeline

PublishedJan 10

Latest updateApr 29

Description

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶Debianapple/cups< 1.1.22-2+3

▶NVDeasy_software_products/cups22 versions+21

▶NVDredhat/fedora_corecore_2.0, core_3.0+1

🔴Vulnerability Details

GHSA

GHSA-hxq6-gg87-xqc4: lppasswd in CUPS 1↗2022-04-29

▶

OSV

CVE-2004-1270: lppasswd in CUPS 1↗2005-01-10

▶

CVEList

CVE-2004-1270: lppasswd in CUPS 1↗2004-12-22

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2004-12-23

▶

Red Hat

security flaw↗2004-12-15

▶

Debian

CVE-2004-1270: cups - lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file d...↗2004

▶

💬Community

Bugzilla

CVE-2004-1270 security flaw↗2018-08-16

▶