CVE-2004-1268 Affecting cups package, versions <1.1.22-2
Threat Intelligence
EPSS
0.04% (6th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN9-CUPS-364589
- published 10 Jan 2005
- disclosed 10 Jan 2005
Introduced: 10 Jan 2005
CVE-2004-1268 Open this link in a new tabHow to fix?
Upgrade Debian:9 cups to version 1.1.22-2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream cups package and not the cups package as distributed by Debian.
See How to fix? for Debian:9 relevant fixed versions and status.
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
References
- https://security-tracker.debian.org/tracker/CVE-2004-1268
- http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
- http://tigger.uic.edu/~jlongs2/holes/cups2.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398
- http://www.ubuntulinux.org/support/documentation/usn/usn-50-1
- https://usn.ubuntu.com/50-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18606
- http://www.redhat.com/support/errata/RHSA-2005-013.html
- http://www.redhat.com/support/errata/RHSA-2005-053.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
CVSS Scores
version 3.1