CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
References
Link | Resource |
---|---|
http://www.cups.org/str.php?L700 | Broken Link Patch |
http://www.novell.com/linux/security/advisories/2005_18_sr.html | Broken Link |
http://www.redhat.com/support/errata/RHSA-2005-571.html | Broken Link |
http://www.ubuntu.com/usn/usn-185-1 | Third Party Advisory |
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 | Issue Tracking Vendor Advisory |
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274 | Issue Tracking |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940 | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2005-07-05T04:00:00
Updated: 2017-10-10T00:57:01
Reserved: 2005-07-05T00:00:00
Link: CVE-2004-2154
JSON object: View
NVD Information
Status : Analyzed
Published: 2004-12-31T05:00:00.000
Modified: 2024-02-15T21:17:54.433
Link: CVE-2004-2154
JSON object: View
Redhat Information
No data.
CWE