Lucene search

[email protected]CVE-2004-1270

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1270

2005-01-1005:00:00

[email protected]

web.nvd.nist.gov

cups

lppasswd

local users

control

output

passwd.new

vulnerability

cve-2004-1270

5.9 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

Affected configurations

NVD

Node

easy_software_productscupsMatch1.0.4

easy_software_productscupsMatch1.0.4_8

easy_software_productscupsMatch1.1.1

easy_software_productscupsMatch1.1.4

easy_software_productscupsMatch1.1.4_2

easy_software_productscupsMatch1.1.4_3

easy_software_productscupsMatch1.1.4_5

easy_software_productscupsMatch1.1.6

easy_software_productscupsMatch1.1.7

easy_software_productscupsMatch1.1.10

easy_software_productscupsMatch1.1.12

easy_software_productscupsMatch1.1.13

easy_software_productscupsMatch1.1.14

easy_software_productscupsMatch1.1.15

easy_software_productscupsMatch1.1.16

easy_software_productscupsMatch1.1.17

easy_software_productscupsMatch1.1.18

easy_software_productscupsMatch1.1.19

easy_software_productscupsMatch1.1.19_rc5

easy_software_productscupsMatch1.1.20

easy_software_productscupsMatch1.1.21

easy_software_productscupsMatch1.1.22_rc1

Node

redhatfedora_coreMatchcore_2.0

redhatfedora_coreMatchcore_3.0

CPENameOperatorVersion
easy_software_products:cupseasy software products cupseq1.0.4
easy_software_products:cupseasy software products cupseq1.0.4_8
easy_software_products:cupseasy software products cupseq1.1.1
easy_software_products:cupseasy software products cupseq1.1.4
easy_software_products:cupseasy software products cupseq1.1.4_2
easy_software_products:cupseasy software products cupseq1.1.4_3
easy_software_products:cupseasy software products cupseq1.1.4_5
easy_software_products:cupseasy software products cupseq1.1.6
easy_software_products:cupseasy software products cupseq1.1.7
easy_software_products:cupseasy software products cupseq1.1.10

CPE	Name	Operator	Version
easy_software_products:cups	easy software products cups	eq	1.0.4
easy_software_products:cups	easy software products cups	eq	1.0.4_8
easy_software_products:cups	easy software products cups	eq	1.1.1
easy_software_products:cups	easy software products cups	eq	1.1.4
easy_software_products:cups	easy software products cups	eq	1.1.4_2
easy_software_products:cups	easy software products cups	eq	1.1.4_3
easy_software_products:cups	easy software products cups	eq	1.1.4_5
easy_software_products:cups	easy software products cups	eq	1.1.6
easy_software_products:cups	easy software products cups	eq	1.1.7
easy_software_products:cups	easy software products cups	eq	1.1.10