APP: CUPS Command Shell Escape Character
This signature detects attempts to exploit a known vulnerability in foomatic-rip filter installed with the Common Unix Printing System (CUPS). Because the filter does not sufficiently check command-line parameters and environment variables, attackers can execute commands on a remote print server with the permissions of the spoold user.
Extended Description
Reportedly, the LinuxPrinting.org Foomatic-Filter is affected by an arbitrary command-execution vulnerability. Although unconfirmed, this issue is likely due to the affected script's failure to properly validate input when issuing shell commands. An attacker may exploit this issue to execute arbitrary commands as the printer user on a computer running the vulnerable software.
Affected Products
Suse linux_desktop
References
BugTraq: 11184
CVE: CVE-2004-0801
URL: http://www.gentoo.org/security/en/glsa/glsa-200409-24.xml http://www.securityfocus.com/bid/11184
Short Name
APP:CUPS:COMMAND-CHAR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CUPS CVE-2004-0801 Character Command Escape Shell bid:11184
Release Date
03/03/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Sun
Linuxprinting.org
Conectiva
Suse
Trustix
CVSS Score
7.5