Main Vulnerability Database Vulnerabilities #VU41791

OS Command Injection in cups-filters - CVE-2014-2707

Published: April 17, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41791

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2014-2707

CWE-ID: CWE-78

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: OpenPrinting

Affected software:
cups-filters

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

How to mitigate CVE-2014-2707

Install update from vendor's website.

Sources

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html
http://seclists.org/oss-sec/2014/q2/13
http://secunia.com/advisories/57530
http://www.ubuntu.com/usn/USN-2210-1
https://bugzilla.redhat.com/show_bug.cgi?id=1083326

OS Command Injection in cups-filters - CVE-2014-2707

Detailed vulnerability description

How to mitigate CVE-2014-2707

Sources

Please verify you're human