CVE-2004-1270

2005-01-1005:00:00

Debian Security Bug Tracker

security-tracker.debian.org

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

OSVersionArchitecturePackageVersionFilename
Debian12allcups< 1.1.22-2cups_1.1.22-2_all.deb
Debian11allcups< 1.1.22-2cups_1.1.22-2_all.deb
Debian999allcups< 1.1.22-2cups_1.1.22-2_all.deb
Debian13allcups< 1.1.22-2cups_1.1.22-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cups	< 1.1.22-2	cups_1.1.22-2_all.deb
Debian	11	all	cups	< 1.1.22-2	cups_1.1.22-2_all.deb
Debian	999	all	cups	< 1.1.22-2	cups_1.1.22-2_all.deb
Debian	13	all	cups	< 1.1.22-2	cups_1.1.22-2_all.deb