CVE-2014-4337 – cups-filters: cups-browsed DoS via process_browse_data() OOB read
https://notcve.org/view.php?id=CVE-2014-4337
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. La función process_browse_data en utils/cups-browsed.c en cups-browsed en cups-filters anterior a 1.0.53 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de datos de paquetes manipulados. An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 http://openwall.com/lists/oss-security/2014/06/19/12 http://rhn.redhat.com/errata/RHSA-2014-1795.html http://secunia.com/advisories/62044 http://www.securityfocus.com/bid/68122 https://access.redhat.com/security/cve/CVE-2014-4337 https://bugzilla.redhat.com/show_bug.cgi?id=1111510 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4338 – cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts
https://notcve.org/view.php?id=CVE-2014-4338
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. cups-browsed en cups-filters anterior a 1.0.53 permite a atacantes remotos evadir restricciones de acceso en circunstancias oportunistas mediante el aprovechamiento de un directivo cups-browsed.conf BrowseAllow malformado que se interpreta como si cediera acceso de navegación a todas las direcciones IP. A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions. • http://openwall.com/lists/oss-security/2014/04/25/7 http://openwall.com/lists/oss-security/2014/06/19/12 http://rhn.redhat.com/errata/RHSA-2014-1795.html http://secunia.com/advisories/62044 http://www.securityfocus.com/bid/68124 https://bugs.linuxfoundation.org/show_bug.cgi?id=1204 https://access.redhat.com/security/cve/CVE-2014-4338 https://bugzilla.redhat.com/show_bug.cgi?id=1091568 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-4336
https://notcve.org/view.php?id=CVE-2014-4336
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. La función generate_local_queue en utils/cups-browsed.c en cups-browsed en cups-filters anterior a 1.0.53 permite a impresoras IPP remotas ejecutar comandos arbitrarios a través de metacaracteres de shell en el nombre del anfitrión. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-2707. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 http://openwall.com/lists/oss-security/2014/04/25/7 http://openwall.com/lists/oss-security/2014/06/19/12 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2014-2707
https://notcve.org/view.php?id=CVE-2014-2707
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." cups-browsed en cups-filters 1.0.41 anterior a 1.0.51 permite a impresoras IPP remotas ejecutar comandos arbitrarios a través de metacaracteres de shell en el (1) modelo o (2) PDL, relacionado con "scripts de interfaz System V generados para colas." • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html http://seclists.org/oss-sec/2014/q2/13 http://secunia.com/advisories/57530 http://www.ubuntu.com/usn/USN-2210-1 https://bugzilla.redhat.com/show_bug.cgi?id=1083326 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2013-6473
https://notcve.org/view.php?id=CVE-2013-6473
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. Múltiples desbordamientos de buffer basado en memoria dinámica en el filtro urftopdf en cups-filters 1.0.25 anterior a 1.0.47 permiten a atacantes remotos ejecutar código arbitrario a través de una (1) página grande o (2) línea grande en un archivo URF. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175 http://www.securityfocus.com/bid/66601 http://www.ubuntu.com/usn/USN-2143-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333 https://bugzilla.redhat.com/show_bug.cgi?id=1027547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •