Back to search
CVE-2004-1270
Published: Dec 22, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2005:013
vendor-advisory
x_refsource_REDHAT
cups-lppasswd-passwd-modify(18609)
vdb-entry
x_refsource_XF
MDKSA-2005:008
vendor-advisory
x_refsource_MANDRAKE
RHSA-2005:053
vendor-advisory
x_refsource_REDHAT
USN-50-1
vendor-advisory
x_refsource_UBUNTU
GLSA-200412-25
vendor-advisory
x_refsource_GENTOO
oval:org.mitre.oval:def:11507
vdb-entry
signature
x_refsource_OVAL
http://tigger.uic.edu/~jlongs2/holes/cups2.txt
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now