{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2005:013", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-013.html"}, {"name": "cups-lppasswd-passwd-modify(18609)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18609"}, {"name": "MDKSA-2005:008", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008"}, {"name": "RHSA-2005:053", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html"}, {"name": "USN-50-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/50-1/"}, {"name": "GLSA-200412-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml"}, {"name": "oval:org.mitre.oval:def:11507", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507"}, {"tags": ["x_refsource_MISC"], "url": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1270", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2005:013", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-013.html"}, {"name": "cups-lppasswd-passwd-modify(18609)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18609"}, {"name": "MDKSA-2005:008", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008"}, {"name": "RHSA-2005:053", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html"}, {"name": "USN-50-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/50-1/"}, {"name": "GLSA-200412-25", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml"}, {"name": "oval:org.mitre.oval:def:11507", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507"}, {"name": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt", "refsource": "MISC", "url": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:46:12.304Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2005:013", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-013.html"}, {"name": "cups-lppasswd-passwd-modify(18609)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18609"}, {"name": "MDKSA-2005:008", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008"}, {"name": "RHSA-2005:053", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html"}, {"name": "USN-50-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/50-1/"}, {"name": "GLSA-200412-25", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml"}, {"name": "oval:org.mitre.oval:def:11507", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1270", "datePublished": "2004-12-22T05:00:00", "dateReserved": "2004-12-20T00:00:00", "dateUpdated": "2024-08-08T00:46:12.304Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "68BD578F-CCAD-4515-9205-EB4F297C6DB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*", "matchCriteriaId": "F3182CA2-7375-43BC-A0E5-DE11D4B65EE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCF4C8D0-3030-4DD5-800B-76A582A4CD0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "734D0C2C-F71F-461A-87EE-202C6B706753", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*", "matchCriteriaId": "3F0F402D-5CD0-4477-8B59-C753CECB02BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*", "matchCriteriaId": "959F7AFA-ED20-434C-993F-06C2A8574662", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*", "matchCriteriaId": "D4F5A0A4-2884-46CA-A846-8B954EB80CFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1741CC9D-C4A8-48F9-86CF-EC20AE2A6BE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "35E65857-12C7-49DE-AD27-3CACD456231C", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "47CEF035-57A6-470B-916A-E5562C28E866", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "4E26BB15-4CF8-4496-A7F7-EB34C444EF72", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D414984E-4F6B-4278-8346-968587E4B18E", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "33C36DCB-2FDD-44E6-85E8-875575AAE69E", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "7C4B7C23-0C54-4FBA-A774-9CC1E148376E", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "9FA0EF14-33E6-4D44-B86E-F04014EA3C8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "A5428EE6-F90A-4BB6-9D8C-8B99E80AB6DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "A786A770-919E-4E23-949D-D836F316618A", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "00A2249C-73DE-434E-A41F-4EDB0ADC0845", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "73AB4D3D-FF35-4A50-A144-3AD41F6F2E55", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FB7653F1-70E2-423F-A6A9-30333644B506", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "2406EA53-15E7-4CFE-850B-D3CF3FA8560A", "vulnerable": true}, {"criteria": "cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "787B918D-9CCC-44FE-92AF-E8DF1E91A3C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message."}], "id": "CVE-2004-1270", "lastModified": "2024-11-20T23:50:28.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-01-10T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-013.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18609"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/50-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18609"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/50-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2005:013", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "cups-1:1.1.17-13.3.22", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2005-01-12T00:00:00Z"}, {"advisory": "RHSA-2005:053", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "cups-1:1.1.22-0.rc1.9.6", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2005-02-15T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617403"}, "csaw": false, "details": ["lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message."], "name": "CVE-2004-1270", "public_date": "2004-12-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2004-1270\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-1270"], "threat_severity": "Important"}