124 matches found
RedHat Update for cups-filters RHSA-2014:1795-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
cups-filters: cups-browsed DoS via process_browse_data() OOB read
An out-of-bounds read flaw was found in the way the processbrowsedata function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon...
Moderate: Red Hat Security Advisory: cups-filters security update
Updated cups-filters packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts
A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions...
cups-filters security update
1.0.35-15:.1 - Applied upstream patch to fix BrowseAllow parsing issue CVE-2014-4338, bug 1091568. - Applied upstream patch for cups-browsed DoS via processbrowsedata out-of-bounds read CVE-2014-4337, bug 1111510...
CVE-2014-4336
The generatelocalqueue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...
CVE-2014-4338
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses...
DEBIAN-CVE-2014-4337
The processbrowsedata function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service out-of-bounds read and application crash via crafted packet data...
DEBIAN-CVE-2014-4338
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses...
DEBIAN-CVE-2014-4336
The generatelocalqueue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...
Design/Logic Flaw
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses...
CVE-2014-4336
The generatelocalqueue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...
UBUNTU-CVE-2014-4337
The processbrowsedata function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service out-of-bounds read and application crash via crafted packet data...
UBUNTU-CVE-2014-4336
The generatelocalqueue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...
CVE-2014-4337
The processbrowsedata function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service out-of-bounds read and application crash via crafted packet data...
CVE-2014-4336
The generatelocalqueue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...
CVE-2014-4336
CVE-2014-4336 affects cups-filters (cups-browsed) where the generate_local_queue function in utils/cups-browsed.c allowed remote IPP printers to trigger shell commands via metacharacters in the host name. The issue arises from an incomplete fix for CVE-2014-2707 and is present in cups-filters bef...
CVE-2014-4338
CVE-2014-4338 affects cups-filters (cups-browsed) prior to 1.0.53. A malformed BrowseAllow directive in cups-browsed.conf can be interpreted as granting browse access to all IP addresses, bypassing intended access restrictions in opportunistic circumstances. Public references indicate the issue i...
cups-filters code execution
cups-browsed shell characters vulnerabiilty...
Updated cups-filters packages fix security vulnerability
Updated cups-filters packages fix security vulnerability: Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups- browsed daemon CVE-2014-2707. Note that only systems that have enabled the affected feature by usin...