[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-8327Date: (C)2015-12-21   (M)2023-12-22


Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-78524
DSA-3411
DSA-3429
RHSA-2016:0491
USN-2831-1
USN-2831-2
https://lists.debian.org/debian-printing/2015/11/msg00020.html
https://lists.debian.org/debian-printing/2015/12/msg00001.html
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886
openSUSE-SU-2016:0179

CPE    63
cpe:/a:linuxfoundation:cups-filters:1.0.48
cpe:/a:linuxfoundation:cups-filters:1.0.47
cpe:/a:linuxfoundation:cups-filters:1.0.49
cpe:/a:linuxfoundation:cups-filters:1.0.44
...
OVAL    10
oval:org.secpod.oval:def:89045171
oval:org.secpod.oval:def:702869
oval:org.secpod.oval:def:2103553
oval:org.secpod.oval:def:702870
...

© SecPod Technologies