CVE-2004-1268

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tigger.uic.edu/~jlongs2/holes/cups2.txt	Exploit Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398
https://usn.ubuntu.com/50-1/
http://tigger.uic.edu/~jlongs2/holes/cups2.txt	Exploit Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398
https://usn.ubuntu.com/50-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:easy_software_products:cups:1.0.4:::::::*
	cpe:2.3:a:easy_software_products:cups:1.0.4_8:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.1:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_2:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_3:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.4_5:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.6:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.7:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.10:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.12:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.13:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.14:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.15:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.16:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.17:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.18:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.19:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.20:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.21:::::::*
	cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_3.0:::::::*

History

20 Nov 2024, 23:50

Type	Values Removed	Values Added
References	~~() http://tigger.uic.edu/~jlongs2/holes/cups2.txt - Exploit, Vendor Advisory~~	() http://tigger.uic.edu/~jlongs2/holes/cups2.txt - Exploit, Vendor Advisory
References	~~() http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml -~~	() http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml -
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2005:008 -~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2005:008 -
References	~~() http://www.redhat.com/support/errata/RHSA-2005-013.html -~~	() http://www.redhat.com/support/errata/RHSA-2005-013.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2005-053.html -~~	() http://www.redhat.com/support/errata/RHSA-2005-053.html -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/18606 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/18606 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398 -
References	~~() https://usn.ubuntu.com/50-1/ -~~	() https://usn.ubuntu.com/50-1/ -

Information

Published : 2005-01-10 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1268

Mitre link : CVE-2004-1268

CVE.ORG link : CVE-2004-1268

JSON object : View

Products Affected

easy_software_products

cups

redhat

fedora_core

CWE

NVD-CWE-Other

2.1 /10