CVE-2015-3279 – cups-filters: texttopdf integer overflow
https://notcve.org/view.php?id=CVE-2015-3279
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted long line containing wide characters in a print job, which triggers a heap-based buffer overflow.

An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user.

• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS
• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369
• http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html
• http://rhn.redhat.com/errata/RHSA-2015-2360.html
• http://ubuntu.com/usn/usn-2659-1
• http://www.debian.org/security/2015/dsa-3303
• http://www.openwall.com/lists/oss-security/2015/07/

• CWE-122: Heap-based Buffer Overflow
• CWE-189: Numeric Errors

CVE-2015-2265
https://notcve.org/view.php?id=CVE-2015-2265
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

• http://advisories.mageia.org/MGASA-2015-0132.html
• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333
• http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:196
• http://www.ubuntu.com/usn/USN-2532-1
• https://bugs.linuxfoundation.org/show_bug.cgi?id=1265

• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2014-4337 – cups-filters: cups-browsed DoS via process_browse_data() OOB read
https://notcve.org/view.php?id=CVE-2014-4337
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.

An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon.

• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
• http://openwall.com/lists/oss-security/2014/06/19/12
• http://rhn.redhat.com/errata/RHSA-2014-1795.html
• http://secunia.com/advisories/62044
• http://www.securityfocus.com/bid/68122
• https://access.redhat.com/security/cve/CVE-2014-4337
• https://bugzilla.redhat.com/show_bug.cgi?id=1111510

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-4336
https://notcve.org/view.php?id=CVE-2014-4336
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
• http://openwall.com/lists/oss-security/2014/04/25/7
• http://openwall.com/lists/oss-security/2014/06/19/12

• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2014-4338 – cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts
https://notcve.org/view.php?id=CVE-2014-4338
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.

A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions.

• http://openwall.com/lists/oss-security/2014/04/25/7
• http://openwall.com/lists/oss-security/2014/06/19/12
• http://rhn.redhat.com/errata/RHSA-2014-1795.html
• http://secunia.com/advisories/62044
• http://www.securityfocus.com/bid/68124
• https://bugs.linuxfoundation.org/show_bug.cgi?id=1204
• https://access.redhat.com/security/cve/CVE-2014-4338
• https://bugzilla.redhat.com/show_bug.cgi?id=1091568

• CWE-264: Permissions, Privileges, and Access Controls