PT-2015-7805 · Openprinting+5 · Foomatic+6

Adam Chester

Published

2015-12-15

Updated

2024-06-15

CVE-2015-8560

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions cups-filters versions 1.0.42 through 1.4.0 Foomatic versions 4.0.x

Description The issue allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job. This is due to an incomplete blacklist vulnerability in util.c in foomatic-rip.

Recommendations For cups-filters versions 1.0.42 through 1.4.0, update to version 1.4.0 or later. For Foomatic versions 4.0.x, consider disabling the foomatic-rip function until a patch is available. Restrict access to the util.c module to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2016-1627

CESA-2016_0491

CVE-2015-8560

DLA-371-1

DSA-3419-1

DSA-3429-1

MGASA-2015-0476

OPENSUSE-SU-2024:10313-1

RHSA-2016:0491

RHSA-2016_0491

SUSE-SU-2016:0112-1

USN-2838-1

USN-2838-2

Affected Products

Alt Linux

Centos

Foomatic

Red Hat

Suse

Ubuntu

Cups-Filters

PT-2015-7805 · Openprinting+5 · Foomatic+6

CVE-2015-8560

Related Identifiers

Affected Products

References · 64