CVE-2004-1270

Name of the Vulnerable Software and Affected Versions: CUPS version 1.1.22

Description: The issue allows local users to control output to the passwd.new file via certain user input that triggers an error message, due to a lack of verification that the passwd.new file is different from STDERR when lppasswd is run in environments where file descriptors 0, 1, and 2 are not open.

Recommendations: For CUPS version 1.1.22, ensure that file descriptors 0, 1, and 2 are open when running lppasswd to prevent the issue. As a temporary workaround, consider restricting access to the lppasswd command until a proper fix is applied.