Vulnerability in Easy_software_products Cups
CVE-2004-1270
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control…
EPSS: 0.005 (35.9th percentile) — read the EPSS interpretation.
Affected products
- Easy_software_products Cups — versions 1.0.4, 1.0.4_8, 1.1.1
- Redhat Fedora_core — versions core_2.0, core_3.0
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vendor-advisory, x_refsource_MANDRAKE)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
- cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)
- cve@mitre.org (vendor-advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)
- cve@mitre.org (Exploit, x_refsource_MISC, Vendor Advisory)