Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1270

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-1270
Last Modified 21 Aug 2010 12:22:08
Published 10 Jan 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1270

Summary

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

Vulnerable Systems

Operating System

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

Application

  • Easy Software Products Cups 1.0.4

  • Easy Software Products Cups 1.0.4 8

  • Easy Software Products Cups 1.1.1

  • Easy Software Products Cups 1.1.10

  • Easy Software Products Cups 1.1.12

  • Easy Software Products Cups 1.1.13

  • Easy Software Products Cups 1.1.14

  • Easy Software Products Cups 1.1.15

  • Easy Software Products Cups 1.1.16

  • Easy Software Products Cups 1.1.17

  • Easy Software Products Cups 1.1.18

  • Easy Software Products Cups 1.1.19

  • Easy Software Products Cups 1.1.19 Rc5

  • Easy Software Products Cups 1.1.20

  • Easy Software Products Cups 1.1.21

  • Easy Software Products Cups 1.1.22 Rc1

  • Easy Software Products Cups 1.1.4

  • Easy Software Products Cups 1.1.4 2

  • Easy Software Products Cups 1.1.4 3

  • Easy Software Products Cups 1.1.4 5

  • Easy Software Products Cups 1.1.6

  • Easy Software Products Cups 1.1.7


References

XF - cups-lppasswd-passwd-modify(18609)

REDHAT - RHSA-2005:053

REDHAT - RHSA-2005:013

MISC - http://tigger.uic.edu/~jlongs2/holes/cups2.txt

UBUNTU - USN-50-1

MANDRAKE - MDKSA-2005:008

GENTOO - GLSA-200412-25


Last Updated: 27 May 2016 10:38:58