RCE in Linuxfoundation Cups-filters

CVE-2014-4336

The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists be…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.005 (67.3th percentile) — read the EPSS interpretation.

Affected products

Linuxfoundation Cups-filters
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

References

[oss-security] 20140425 Re: Re: cups-browsed remote exploit (mailing-list, x_refsource_MLIST, Patch, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
[oss-security] 20140619 Re: cups-browsed remote exploit (mailing-list, x_refsource_MLIST, Third Party Advisory)