Описание
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
A flaw was found in the way the CUPS daemon added shared printers announced through the network. A malicious host or user could send a specially crafted UDP packet to a CUPS server that, when processed, could potentially lead to arbitrary code execution with the privileges of the user running the CUPS daemon.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | cups | Will not fix | ||
| Red Hat Enterprise Linux 6 | cups | Will not fix | ||
| Red Hat Enterprise Linux 7 | cups | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
The browsing feature in the server in CUPS does not filter ANSI escape ...
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
EPSS
4.3 Medium
CVSS2