Vulnerability Name:

CVE-2004-1270 (CCN-18609)

Assigned:2004-12-15
Published:2004-12-15
Updated:2018-10-03
Summary:lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2004-1270

Source: CCN
Type: RHSA-2005-013
cups security update

Source: CCN
Type: RHSA-2005-053
CUPS security update

Source: CCN
Type: University of Illinois Chicago Web site
CUPS 1.1.22 lppasswd ignores write errors, etc.

Source: MISC
Type: Exploit, Vendor Advisory
http://tigger.uic.edu/~jlongs2/holes/cups2.txt

Source: CCN
Type: CIAC Information Bulletin P-142
XPDF/GPDF - CUPS Vulnerabilities

Source: CCN
Type: CUPS Software Trouble Report #1023
CUPS 1.1.22 lppasswd ignores write

Source: CCN
Type: GLSA-200412-25
CUPS: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200412-25

Source: CCN
Type: Fedora Update Notification FEDORA-2004-559
cups-1.1.20-11.7 update

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:008

Source: REDHAT
Type: UNKNOWN
RHSA-2005:013

Source: REDHAT
Type: UNKNOWN
RHSA-2005:053

Source: CCN
Type: BID-12007
Easy Software Products LPPassWd CUPS Password File Error Message Injection Vulnerability

Source: CCN
Type: TLSA-2005-25
Multiple vulnerabilities exist in CUPS

Source: CCN
Type: USN-50-1
CUPS vulnerabilities

Source: XF
Type: UNKNOWN
cups-lppasswd-passwd-modify(18609)

Source: XF
Type: UNKNOWN
cups-lppasswd-passwd-modify(18609)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11507

Source: UBUNTU
Type: UNKNOWN
USN-50-1

Vulnerable Configuration:Configuration 1:
  • cpe:/a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora_core:2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:11507
    V
    		lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
    2013-04-29
    oval:com.redhat.rhsa:def:20050053
    P
    		RHSA-2005:053: CUPS security update (Important)
    2005-02-15
    oval:com.redhat.rhsa:def:20050013
    P
    		RHSA-2005:013: cups security update (Important)
    2005-01-12
    BACK
    easy_software_products cups 1.0.4
    easy_software_products cups 1.0.4_8
    easy_software_products cups 1.1.1
    easy_software_products cups 1.1.4
    easy_software_products cups 1.1.4_2
    easy_software_products cups 1.1.4_3
    easy_software_products cups 1.1.4_5
    easy_software_products cups 1.1.6
    easy_software_products cups 1.1.7
    easy_software_products cups 1.1.10
    easy_software_products cups 1.1.12
    easy_software_products cups 1.1.13
    easy_software_products cups 1.1.14
    easy_software_products cups 1.1.15
    easy_software_products cups 1.1.16
    easy_software_products cups 1.1.17
    easy_software_products cups 1.1.18
    easy_software_products cups 1.1.19
    easy_software_products cups 1.1.19_rc5
    easy_software_products cups 1.1.20
    easy_software_products cups 1.1.21
    easy_software_products cups 1.1.22_rc1
    redhat fedora core core_2.0
    redhat fedora core core_3.0
    easy_software_products cups 1.1.22
    gentoo linux *
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 3
    fedoraproject fedora core 2
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake linux 10.1
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1