CVE-2014-4336

critical

Description

The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

References

http://openwall.com/lists/oss-security/2014/06/19/12

http://openwall.com/lists/oss-security/2014/04/25/7

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194

Details

Source: Mitre, NVD

Published: 2014-06-22

Updated: 2018-01-03

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical