The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
References
Link | Resource |
---|---|
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 | Patch Third Party Advisory |
http://openwall.com/lists/oss-security/2014/04/25/7 | Patch Third Party Advisory |
http://openwall.com/lists/oss-security/2014/06/19/12 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-06-22T21:00:00
Updated: 2014-06-22T20:57:00
Reserved: 2014-06-19T00:00:00
Link: CVE-2014-4336
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-06-22T21:55:03.457
Modified: 2018-01-03T13:45:38.067
Link: CVE-2014-4336
JSON object: View
Redhat Information
No data.
CWE