CVE-2015-3258 – cups-filters: texttopdf heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2015-3258
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long line containing wide characters in a print job.

A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user.

• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363
• http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html
• http://rhn.redhat.com/errata/RHSA-2015-2360.html
• http://ubuntu.com/usn/usn-2659-1
• http://www.debian.org/security/2015/dsa-3303
• http://www.openwall.com/lists/oss-security/2015/06/26/4
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.securityfocus.com/bid/75436
• https://bugzilla.redhat.com/s
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-787: Out-of-bounds Write
CVE-2015-2265
https://notcve.org/view.php?id=CVE-2015-2265
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

• http://advisories.mageia.org/MGASA-2015-0132.html
• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333
• http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:196
• http://www.ubuntu.com/usn/USN-2532-1
• https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2014-4337 – cups-filters: cups-browsed DoS via process_browse_data() OOB read
https://notcve.org/view.php?id=CVE-2014-4337
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.

An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon.

• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
• http://openwall.com/lists/oss-security/2014/06/19/12
• http://rhn.redhat.com/errata/RHSA-2014-1795.html
• http://secunia.com/advisories/62044
• http://www.securityfocus.com/bid/68122
• https://access.redhat.com/security/cve/CVE-2014-4337
• https://bugzilla.redhat.com/show_bug.cgi?id=1111510
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-4338 – cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts
https://notcve.org/view.php?id=CVE-2014-4338
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.

A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions.

• http://openwall.com/lists/oss-security/2014/04/25/7
• http://openwall.com/lists/oss-security/2014/06/19/12
• http://rhn.redhat.com/errata/RHSA-2014-1795.html
• http://secunia.com/advisories/62044
• http://www.securityfocus.com/bid/68124
• https://bugs.linuxfoundation.org/show_bug.cgi?id=1204
• https://access.redhat.com/security/cve/CVE-2014-4338
• https://bugzilla.redhat.com/show_bug.cgi?id=1091568
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-4336
https://notcve.org/view.php?id=CVE-2014-4336
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

• http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
• http://openwall.com/lists/oss-security/2014/04/25/7
• http://openwall.com/lists/oss-security/2014/06/19/12
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')