Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: hplip/foomatic-filters
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 18 Jul 2011 14:35:28 +0200

On 07/13/2011 12:53 PM, Sebastian Krahmer wrote:
Hi

The foomatic filters of the hplip package allow remote users
to execute arbitrary commands as the lp user. The flaw allows
hosts which are listed in the printing ACL or local users to
pass PPD file arguments to the foomatic filters. A PoC was
demonstrated using the CUPS server.

More info and patches are here:

https://bugzilla.novell.com/show_bug.cgi?id=698451

Please use CVE-2011-2697 for this.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team



Sebastian



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault