95 matches found
CVE-2015-8560
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...
Input validation
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...
CVE-2015-8560
CVE-2015-8560 describes an incomplete blacklist vulnerability in foomatic-rip (util.c) used by cups-filters 1.0.42 and in foomatic-filters (Foomatic 4.0.x). The issue allows remote attackers to execute arbitrary commands by injecting a ; (semicolon) in a print job. Root cause is failure to fully ...
CVE-2015-8560
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...
foomatic-rip memory corruption vulnerability
Foomatic is a database-driven printing system developed by the Linux Foundation's OpenPrinting Working Group, which integrates a general-purpose back-end printing system for Unix with an open-source printer driver. foomatic-rip a.k.a. foomatic-filters is an internal component that helps the...
foomatic-rip Arbitrary Command Execution Vulnerability
Foomatic is a database-driven printing system developed by the Linux Foundation's OpenPrinting Working Group, which integrates a general-purpose back-end printing system for Unix with an open-source printer driver. foomatic-rip a.k.a. foomatic-filters is an internal component that helps the...
Scientific Linux Security Update : foomatic on SL6.x i386/x86_64 (20160323)
It was discovered that the unhtmlify function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. CVE-2010-5325 It was...
cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...
cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...
foomatic: potential remote arbitrary code execution
It was discovered that the unhtmlify function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code...
foomatic security update
4.0.4-5 - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, CVE-2015-8560 4.0.4-4 - Prevent foomatic-rip overrun bug 1214534...
The vulnerability of the Foomatic printing filter and the Ubuntu operating system allows a hacker to execute arbitrary commands.
The vulnerability of the foomatic-rip component util.c in the cups-filters package in Foomatic printing and the Ubuntu operating system is related to the use of an incomplete blacklist. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the quotation mark...
CVE-2015-8327
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via backtick characters in a print job...
Input validation
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via backtick characters in a print job...
CVE-2015-8327
CVE-2015-8327 is an incomplete blacklist vulnerability in util.c of the foomatic-rip component in cups-filters (and in foomatic-filters/Foomatic). It allows remote attackers to execute arbitrary commands via backtick characters in a print job. Affected are cups-filters 1.0.42 before 1.2.0 and Foo...
USN-2838-1: cups-filters vulnerability
Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user...
USN-2838-1 cups-filters vulnerability
Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user...
[SECURITY] [DSA 3419-1] cups-filters security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3419-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 15, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3419-1 (cups-filters - security update)
Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. OpenVAS Vulnerability Test $Id: deb3419.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3419-1 using nvtgen 1.0 Script version: 1....
CVE-2015-8560
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...