CVE-2004-1270

NONE EPSS 36.3%
Published Jan 10, 200521y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 10, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

Threat Intelligence

EPSS Exploit Probability
36.3% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Affected Products 24

VendorProductVersionRange
easy_software_productscups1.0.4any
easy_software_productscups1.0.4_8any
easy_software_productscups1.1.1any
easy_software_productscups1.1.4any
easy_software_productscups1.1.4_2any
easy_software_productscups1.1.4_3any
easy_software_productscups1.1.4_5any
easy_software_productscups1.1.6any
easy_software_productscups1.1.7any
easy_software_productscups1.1.10any
easy_software_productscups1.1.12any
easy_software_productscups1.1.13any
easy_software_productscups1.1.14any
easy_software_productscups1.1.15any
easy_software_productscups1.1.16any
easy_software_productscups1.1.17any
easy_software_productscups1.1.18any
easy_software_productscups1.1.19any
easy_software_productscups1.1.19_rc5any
easy_software_productscups1.1.20any
easy_software_productscups1.1.21any
easy_software_productscups1.1.22_rc1any
redhatfedora_corecore_2.0any
redhatfedora_corecore_3.0any

References 8

  • tigger.uic.edu http://tigger.uic.edu/~jlongs2/holes/cups2.txt
    ExploitVendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-013.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-053.html
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18609
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507
  • usn.ubuntu.com https://usn.ubuntu.com/50-1/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.