PT-2014-1889 · Openprinting+2 · Cups-Filters+2

Murray Mcallister

Published

2014-04-08

Updated

2024-06-15

CVE-2014-2707

CVSS v2.0

8.3

High

Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions cups-filters versions 1.0.41 through 1.0.50

Description The issue allows remote IPP printers to execute arbitrary commands via shell metacharacters in the model or PDL, related to System V interface scripts generated for queues. This can lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For versions 1.0.41 through 1.0.50, update to version 1.0.51 or later to resolve the issue. As a temporary workaround, consider restricting access to the model and PDL parameters in the IPP protocol to minimize the risk of exploitation. Avoid using shell metacharacters in these parameters until the issue is resolved.

Fix

Buffer Overflow

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-78

Related Identifiers

ALT-PU-2014-1459

BDU:2015-09753

CVE-2014-2707

MGASA-2014-0181

OPENSUSE-SU-2024:10313-1

USN-2210-1

Affected Products

Alt Linux

Ubuntu

Cups-Filters

PT-2014-1889 · Openprinting+2 · Cups-Filters+2

CVE-2014-2707

Weakness Enumeration

Related Identifiers

Affected Products

References · 40