CVE-2011-2697
published 2011-07-29CVE-2011-2697: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine…
PriorityP344medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
10.79%
95.3th percentile
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | foomatic-filters | < foomatic-filters 4.0.9-1 (bookworm) | foomatic-filters 4.0.9-1 (bookworm) |
| debian | foomatic-filters | < foomatic-filters 4.0 (bookworm) | foomatic-filters 4.0 (bookworm) |
| debian | hplip | < foomatic-filters 4.0 (bookworm) | foomatic-filters 4.0 (bookworm) |
| foomatic-filters | foomatic-filters | >= 0 < 4.0.9-1 | 4.0.9-1 |
| foomatic-filters | foomatic-filters | >= 0 < 4.0 | 4.0 |
| foomatic-filters | foomatic-filters | >= 0 < 4.0.9-1 | 4.0.9-1 |
| foomatic-filters | foomatic-filters | >= 0 < 4.0 | 4.0 |
| foomatic-filters | foomatic-filters | >= 0 < 4.0.9-1 | 4.0.9-1 |
| foomatic-filters | foomatic-filters | >= 0 < 4.0 | 4.0 |
| foomatic-filters | foomatic-filters | >= 0 < 4.0.9-1 | 4.0.9-1 |
| foomatic-filters | foomatic-filters | >= 0 < 4.0 | 4.0 |
| hp | linux_imaging_and_printing_project | — | — |
| linuxfoundation | foomatic | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hc8g-chpw-24wx: foomaticrip
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2011-2964 [MEDIUM] CWE-94 GHSA-hc8g-chpw-24wx: foomaticrip
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
GHSA
GHSA-fwm5-c4jq-p4wv: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3
ghsa_unreviewed·2022-05-17
CVE-2011-2697 [MEDIUM] CWE-20 GHSA-fwm5-c4jq-p4wv: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
OSV
CVE-2011-2964: foomaticrip
osv·2011-07-29·CVSS 6.8
CVE-2011-2964 [MEDIUM] CVE-2011-2964: foomaticrip
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
OSV
CVE-2011-2697: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3
osv·2011-07-29·CVSS 6.8
CVE-2011-2697 [MEDIUM] CVE-2011-2697: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
Ubuntu
Foomatic filters vulnerabilities
vendor_ubuntu·2011-08-22
CVE-2011-2697 Foomatic filters vulnerabilities
Title: Foomatic filters vulnerabilities
Summary: An attacker could send crafted input to Foomatic and cause it to run
programs as the "lp" user.
It was discovered that the foomatic-rip Foomatic filter incorrectly
handled command-line options. An attacker could use this flaw to cause
Foomatic to execute arbitrary code as the "lp" user.
In the default installation, attackers would be isolated by the CUPS
AppArmor profile.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
foomatic: Improper sanitization of command line option in foomatic-rip
vendor_redhat·2011-06-07·CVSS 6.8
CVE-2011-2697 [MEDIUM] foomatic: Improper sanitization of command line option in foomatic-rip
foomatic: Improper sanitization of command line option in foomatic-rip
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
Package: foomatic (Red Hat Enterprise Linux 6) - Not affected
Red Hat
foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)
vendor_redhat·2011-06-07·CVSS 6.8
CVE-2011-2964 [MEDIUM] foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)
foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
Package: foomatic (Red Hat Enterprise Linux 4) - Not affected
Package: foomatic (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-2964: foomatic-filters - foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remot...
vendor_debian·2011·CVSS 6.8
CVE-2011-2964 [MEDIUM] CVE-2011-2964: foomatic-filters - foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remot...
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
Scope: local
bookworm: resolved (fixed in 4.0.9-1)
bullseye: resolved (fixed in 4.0.9-1)
forky: resolved (fixed in 4.0.9-1)
sid: resolved (fixed in 4.0.9-1)
trixie: resolved (fixed in 4.0.9-1)
Debian
CVE-2011-2697: foomatic-filters - foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote...
vendor_debian·2011·CVSS 6.8
CVE-2011-2697 [MEDIUM] CVE-2011-2697: foomatic-filters - foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote...
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
Scope: local
bookworm: resolved (fixed in 4.0)
bullseye: resolved (fixed in 4.0)
forky: resolved (fixed in 4.0)
sid: resolved (fixed in 4.0)
trixie: resolved (fixed in 4.0)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2964 foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)
bugzilla·2011-08-01·CVSS 6.8
CVE-2011-2964 [MEDIUM] CVE-2011-2964 foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)
CVE-2011-2964 foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2964 to
the following vulnerability:
Name: CVE-2011-2964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2964
Assigned: 20110729
Reference: http://www.openwall.com/lists/oss-security/2011/07/13/3
Reference: http://www.openwall.com/lists/oss-security/2011/07/18/3
Reference: http://www.openwall.com/lists/oss-security/2011/07/28/1
Reference: https://bugzilla.novell.com/show_bug.cgi?id=698451
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=721001
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6
allows remote attackers to execute arbitrary code via a crafted
*FoomaticRIPCommandLine field in
Bugzilla
CVE-2011-2697 foomatic: Improper sanitization of command line option in foomatic-rip
bugzilla·2011-07-13·CVSS 6.8
CVE-2011-2697 [MEDIUM] CVE-2011-2697 foomatic: Improper sanitization of command line option in foomatic-rip
CVE-2011-2697 foomatic: Improper sanitization of command line option in foomatic-rip
It was found that foomatic-rip universal print filter did not properly sanitize content of "files to be printed" command line argument, prior performing of the print job. A remote attacker could provide a specially-crafted PostScript Printer Description (PPD) file and trick the local user into printing it, which once performed could lead to arbitrary code execution with the privileges of the user running the foomatic-rip tool.
References:
[1] https://bugzilla.novell.com/show_bug.cgi?id=698451
[2] http://www.openwall.com/lists/oss-security/2011/07/13/3
(CVE Request)
Proposed patch against the foomatic-rip C-source code:
[3] https://bugzilla.novell.com/show_bug.cgi?id=698451#c24
Proposed patch against th
http://security.gentoo.org/glsa/glsa-201203-07.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:125http://www.openwall.com/lists/oss-security/2011/07/13/3http://www.openwall.com/lists/oss-security/2011/07/18/3http://www.openwall.com/lists/oss-security/2011/07/28/1http://www.ubuntu.com/usn/USN-1194-1http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdfhttps://bugzilla.novell.com/show_bug.cgi?id=698451https://bugzilla.redhat.com/show_bug.cgi?id=721001https://exchange.xforce.ibmcloud.com/vulnerabilities/68993http://security.gentoo.org/glsa/glsa-201203-07.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:125http://www.openwall.com/lists/oss-security/2011/07/13/3http://www.openwall.com/lists/oss-security/2011/07/18/3http://www.openwall.com/lists/oss-security/2011/07/28/1http://www.ubuntu.com/usn/USN-1194-1http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdfhttps://bugzilla.novell.com/show_bug.cgi?id=698451https://bugzilla.redhat.com/show_bug.cgi?id=721001https://exchange.xforce.ibmcloud.com/vulnerabilities/68993
2011-07-29
Published