Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-24805

Опубликовано: 17 мая 2023
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. beh.c contains the line retval = system(cmdline) >> 8; which calls the system command with the operand cmdline. cmdline contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit 8f2740357 and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*
Версия до 2.0 (исключая)
cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:2.0:rc1:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 92%
0.0925
Низкий

8.8 High

CVSS3

Дефекты

CWE-78
CWE-78

Связанные уязвимости

ubuntu логотип

CVE-2023-24805

CVSS3: 8.8
ubuntu
около 2 лет назад

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.

redhat логотип

CVE-2023-24805

CVSS3: 8.8
redhat
около 2 лет назад

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.

debian логотип

CVE-2023-24805

CVSS3: 8.8
debian
около 2 лет назад

cups-filters contains backends, filters, and other software required t ...

suse-cvrf логотип

SUSE-SU-2023:2233-2

suse-cvrf
почти 2 года назад

Security update for cups-filters

suse-cvrf логотип

SUSE-SU-2023:2233-1

suse-cvrf
около 2 лет назад

Security update for cups-filters

EPSS

Процентиль: 92%
0.0925
Низкий

8.8 High

CVSS3

Дефекты

CWE-78
CWE-78