CVSS2
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile: 77.1%
CentOS Errata and Security Advisory CESA-2011:1196

system-config-printer is a print queue configuration tool with a graphical
user interface.

It was found that system-config-printer did not properly sanitize NetBIOS
and workgroup names when searching for network printers. A remote attacker
could use this flaw to execute arbitrary code with the privileges of the
user running system-config-printer. (CVE-2011-2899)

All users of system-config-printer are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-printer must be restarted for this update to
take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-August/079866.html
https://lists.centos.org/pipermail/centos-announce/2011-August/079867.html
https://lists.centos.org/pipermail/centos-announce/2011-September/080153.html
https://lists.centos.org/pipermail/centos-announce/2011-September/080154.html
https://lists.centos.org/pipermail/centos-cr-announce/2011-September/026482.html
https://lists.centos.org/pipermail/centos-cr-announce/2011-September/026483.html
Affected packages:
system-config-printer
system-config-printer-gui
system-config-printer-libs
Upstream details at:
https://access.redhat.com/errata/RHSA-2011:1196