Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request: hplip/foomatic-filters
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 13 Jul 2011 12:53:02 +0200

Hi

The foomatic filters of the hplip package allow remote users
to execute arbitrary commands as the lp user. The flaw allows
hosts which are listed in the printing ACL or local users to
pass PPD file arguments to the foomatic filters. A PoC was
demonstrated using the CUPS server.

More info and patches are here:

https://bugzilla.novell.com/show_bug.cgi?id=698451


Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

---
SUSE LINUX Products GmbH,
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]