CVE-2004-1270

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tigger.uic.edu/~jlongs2/holes/cups2.txt	Exploit Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
https://exchange.xforce.ibmcloud.com/vulnerabilities/18609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507
https://usn.ubuntu.com/50-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:easy_software_products:cups:1.1.1:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.10:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.19:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_5:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.6:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.14:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.15:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4:::::::*
	cpe:2.3:a:easy_software_products:cups:1.0.4:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.16:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.7:::::::*
	cpe:2.3:a:easy_software_products:cups:1.0.4_8:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.21:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.13:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.17:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_3:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.12:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.20:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.18:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_3.0:::::::*

Information

Published : 2005-01-09 21:00

Updated : 2018-10-03 14:29

NVD link : CVE-2004-1270

Mitre link : CVE-2004-1270

JSON object : View

CWE

NVD-CWE-Other

Products Affected

easy_software_products

cups

redhat

fedora_core

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt", "name": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-013.html", "name": "RHSA-2005:013", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-053.html", "name": "RHSA-2005:053", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml", "name": "GLSA-200412-25", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008", "name": "MDKSA-2005:008", "tags": [], "refsource": "MANDRAKE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18609", "name": "cups-lppasswd-passwd-modify(18609)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507", "name": "oval:org.mitre.oval:def:11507", "tags": [], "refsource": "OVAL"}, {"url": "https://usn.ubuntu.com/50-1/", "name": "USN-50-1", "tags": [], "refsource": "UBUNTU"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1270", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-01-10T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-03T21:29Z"}

2.1 /10