Input validation error in CUPS - CVE-2014-8166

 


Published: January 12, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37672
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-8166
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
CUPS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
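The flaw described above is a missing filter on printer names received from the network. As an added example (not CUPS code and not the vendor's patch), the hypothetical helper `sanitize_printer_name` below neutralises control bytes in such a name before it is displayed or logged; it assumes the name is valid UTF-8, and the sample name is constructed.

```c
#include <stddef.h>
#include <string.h>

/*
 * sanitize_printer_name() is a hypothetical helper, not a CUPS function.
 * It copies src into dst (always NUL-terminated, truncating if needed) and
 * replaces every control character with '?'. The return value is the number
 * of replacements, so a caller can log or reject names that needed cleaning.
 *
 * Replaced: C0 controls 0x00-0x1F (includes ESC, 0x1B), DEL (0x7F), and the
 * UTF-8 encoded C1 controls 0xC2 0x80..0x9F (includes CSI, U+009B).
 * Assumption: src is valid UTF-8.
 */
size_t sanitize_printer_name(const char *src, char *dst, size_t dstsize)
{
    const unsigned char *s = (const unsigned char *)src;
    size_t replaced = 0, o = 0;

    if (dstsize == 0)
        return 0;

    while (*s && o + 1 < dstsize) {
        if (*s < 0x20 || *s == 0x7F) {
            dst[o++] = '?';            /* C0 control or DEL */
            replaced++;
            s++;
        } else if (*s == 0xC2 && s[1] >= 0x80 && s[1] <= 0x9F) {
            dst[o++] = '?';            /* two-byte C1 control becomes one '?' */
            replaced++;
            s += 2;
        } else {
            dst[o++] = (char)*s++;     /* printable byte, copied unchanged */
        }
    }
    dst[o] = '\0';
    return replaced;
}

/* Constructed sample: a printer name carrying two SGR colour sequences. */
static const char SAMPLE_NAME[] = "Office\x1b[31mLaser\x1b[0m";
```

With ESC replaced, the remaining `[31m` and `[0m` are plain text and a terminal no longer interprets them as a control sequence.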


How to mitigate CVE-2014-8166

Install the update from the vendor's website.
