CVE-2015-8560

Published: 14/04/2016 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 prior to 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote malicious users to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

Vulnerable Product

canonical ubuntu linux 15.10

canonical ubuntu linux 15.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

debian debian linux 8.0

linuxfoundation cups-filters 1.2.0

linuxfoundation cups-filters 1.0.42

linuxfoundation cups-filters 1.0.43

linuxfoundation cups-filters 1.0.44

linuxfoundation cups-filters 1.0.55

linuxfoundation cups-filters 1.0.56

linuxfoundation cups-filters 1.0.57

linuxfoundation cups-filters 1.0.65

linuxfoundation cups-filters 1.0.60

linuxfoundation cups-filters 1.0.68

linuxfoundation cups-filters 1.0.69

linuxfoundation cups-filters 1.1.0

linuxfoundation cups-filters 1.0.49

linuxfoundation cups-filters 1.0.50

linuxfoundation cups-filters 1.0.52

linuxfoundation cups-filters 1.0.51

linuxfoundation cups-filters 1.0.66

linuxfoundation cups-filters 1.0.67

linuxfoundation cups-filters 1.0.74

linuxfoundation cups-filters 1.0.75

linuxfoundation cups-filters 1.0.76

linuxfoundation cups-filters 1.0.45

linuxfoundation cups-filters 1.0.46

linuxfoundation cups-filters 1.0.58

linuxfoundation cups-filters 1.0.59

linuxfoundation cups-filters 1.0.61

linuxfoundation cups-filters 1.0.62

linuxfoundation cups-filters 1.0.70

linuxfoundation cups-filters 1.0.71

linuxfoundation cups-filters 1.3.0

linuxfoundation cups-filters 1.0.47

linuxfoundation cups-filters 1.0.48

linuxfoundation cups-filters 1.0.54

linuxfoundation cups-filters 1.0.53

linuxfoundation cups-filters 1.0.63

linuxfoundation cups-filters 1.0.64

linuxfoundation cups-filters 1.0.72

linuxfoundation cups-filters 1.0.73

linuxfoundation foomatic-filters 4.0.6

linuxfoundation foomatic-filters 4.0.7

linuxfoundation foomatic-filters 4.0.14

linuxfoundation foomatic-filters 4.0.15

linuxfoundation foomatic-filters 4.0.4

linuxfoundation foomatic-filters 4.0.5

linuxfoundation foomatic-filters 4.0.12

linuxfoundation foomatic-filters 4.0.13

linuxfoundation foomatic-filters 4.0.0

linuxfoundation foomatic-filters 4.0.1

linuxfoundation foomatic-filters 4.0.8

linuxfoundation foomatic-filters 4.0.9

linuxfoundation foomatic-filters 4.0.16

linuxfoundation foomatic-filters 4.0.17

linuxfoundation foomatic-filters 4.0.2

linuxfoundation foomatic-filters 4.0.3

linuxfoundation foomatic-filters 4.0.10

linuxfoundation foomatic-filters 4.0.11

Vendor Advisories

Debian Bug report logs - #806886: CVE-2015-8327 Insufficient script injection prevention. Package: foomatic-filters; Maintainer for foomatic-filters is Jörg Frings-Fürst <debian@jff.email>; Source for foomatic-filters is src:foomatic-filters. Reported by: Didier 'OdyX' Raboud <odyx@debian.org> Da ...
Debian Bug report logs - #807930: cups-filters: CVE-2015-8560: code execution via improper escaping of ; in foomatic-rip. Package: cups-filters; Maintainer for cups-filters is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups-filters is src:cups-filters. Reported by: Yann Soubeyrand ...
foomatic-filters could be made to run programs as the lp user if it processed a specially crafted print job ...
cups-filters could be made to run programs as the lp user if it processed a specially crafted print job ...
Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. For the stable distribution (jessie), this problem has been fixed in version 1.0.61-5+deb8u3. For the unstable distribution (sid), this problem has been fixed in version 1.4.0-1. We recommend that you upgrade y ...
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands (CVE-2015-8560). It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buf ...