saned in sane-backends 1.0.7 and previous versions does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote malicious users to use that call even if they are restricted in saned.conf.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sane sane 1.0.0 |
||
sane sane 1.0.1 |
||
sane sane 1.0.7_beta1 |
||
sane sane 1.0.7_beta2 |
||
sane sane 1.0.4 |
||
sane sane 1.0.5 |
||
sane sane 1.0.2 |
||
sane sane 1.0.3 |
||
sane sane 1.0.8 |
||
sane sane 1.0.9 |
||
sane sane-backend 1.0.10 |
||
sane sane 1.0.6 |
||
sane sane 1.0.7 |