CVE-2014-4336

Currently unrated

Key Information:

Vendor: Linux
Status: Cups-filters
Vendor: CVE Published:; 22 June 2014

Summary

The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

References

http://openwall.com/lists/oss-security/2014/04/25/7

mailing-listx_refsource_MLIST

http://bzr.linuxfoundation.org/loggerhead/openprinting/cu...

x_refsource_CONFIRM

http://openwall.com/lists/oss-security/2014/06/19/12

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jun 22, 2014
Vulnerability Reserved
Jun 19, 2014