CVE-2004-1270
NONE EPSS 36.3%
Published Jan 10, 200521y ago · Modified Jun 16, 20262w ago
Published Jan 10, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
Threat Intelligence
EPSS Exploit Probability
36.3% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Affected Products 24
| Vendor | Product | Version | Range |
|---|---|---|---|
| easy_software_products | cups | 1.0.4 | any |
| easy_software_products | cups | 1.0.4_8 | any |
| easy_software_products | cups | 1.1.1 | any |
| easy_software_products | cups | 1.1.4 | any |
| easy_software_products | cups | 1.1.4_2 | any |
| easy_software_products | cups | 1.1.4_3 | any |
| easy_software_products | cups | 1.1.4_5 | any |
| easy_software_products | cups | 1.1.6 | any |
| easy_software_products | cups | 1.1.7 | any |
| easy_software_products | cups | 1.1.10 | any |
| easy_software_products | cups | 1.1.12 | any |
| easy_software_products | cups | 1.1.13 | any |
| easy_software_products | cups | 1.1.14 | any |
| easy_software_products | cups | 1.1.15 | any |
| easy_software_products | cups | 1.1.16 | any |
| easy_software_products | cups | 1.1.17 | any |
| easy_software_products | cups | 1.1.18 | any |
| easy_software_products | cups | 1.1.19 | any |
| easy_software_products | cups | 1.1.19_rc5 | any |
| easy_software_products | cups | 1.1.20 | any |
| easy_software_products | cups | 1.1.21 | any |
| easy_software_products | cups | 1.1.22_rc1 | any |
| redhat | fedora_core | core_2.0 | any |
| redhat | fedora_core | core_3.0 | any |
References 8
- tigger.uic.edu http://tigger.uic.edu/~jlongs2/holes/cups2.txt
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-013.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-053.html
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18609
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507
- usn.ubuntu.com https://usn.ubuntu.com/50-1/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.