CUPS Filters Remote Code Execution Vulnerability in Linux Printing System
CVE-2014-4336

Currently unrated

Key Information:

Vendor: Linux
Status: Cups-filters
Vendor: CVE Published:; 22 June 2014

Summary

The CUPS Filters contain a vulnerability in the generate_local_queue function within cups-browsed that permits remote IPP printers to execute arbitrary commands via shell metacharacters embedded in the host name. This issue is a result of an incomplete fix for previously identified vulnerabilities, specifically CVE-2014-2707. Exploiting this vulnerability can lead to compromised system security and unauthorized actions on the affected systems.

References

http://openwall.com/lists/oss-security/2014/04/25/7

mailing-listx_refsource_MLIST

http://bzr.linuxfoundation.org/loggerhead/openprinting/cu...

x_refsource_CONFIRM

http://openwall.com/lists/oss-security/2014/06/19/12

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jun 22, 2014
Vulnerability Reserved
Jun 19, 2014