CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
References
Link | Resource |
---|---|
http://www.cups.org/str.php?L700 | Broken Link Patch |
http://www.novell.com/linux/security/advisories/2005_18_sr.html | Broken Link |
http://www.redhat.com/support/errata/RHSA-2005-571.html | Broken Link |
http://www.ubuntu.com/usn/usn-185-1 | Third Party Advisory |
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 | Issue Tracking Vendor Advisory |
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274 | Issue Tracking |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940 | Broken Link |
Configurations
History
15 Feb 2024, 21:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-178 | |
References | () http://www.cups.org/str.php?L700 - Broken Link, Patch | |
References | () http://www.novell.com/linux/security/advisories/2005_18_sr.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2005-571.html - Broken Link | |
References | () http://www.ubuntu.com/usn/usn-185-1 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 - Issue Tracking, Vendor Advisory | |
References | () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274 - Issue Tracking | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940 - Broken Link | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:* cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:* |
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:* cpe:2.3:a:apple:cups:1.1.21:-:*:*:*:*:*:* |
First Time |
Apple
Apple cups Canonical Canonical ubuntu Linux |
Information
Published : 2004-12-31 05:00
Updated : 2024-08-01 13:41
NVD link : CVE-2004-2154
Mitre link : CVE-2004-2154
CVE.ORG link : CVE-2004-2154
JSON object : View
Products Affected
apple
- cups
canonical
- ubuntu_linux
CWE
CWE-178
Improper Handling of Case Sensitivity