oss-sec mailing list archives
Re: CVE Request: hplip/foomatic-filters
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 18 Jul 2011 14:35:28 +0200
On 07/13/2011 12:53 PM, Sebastian Krahmer wrote:
Hi The foomatic filters of the hplip package allow remote users to execute arbitrary commands as the lp user. The flaw allows hosts which are listed in the printing ACL or local users to pass PPD file arguments to the foomatic filters. A PoC was demonstrated using the CUPS server. More info and patches are here: https://bugzilla.novell.com/show_bug.cgi?id=698451
Please use CVE-2011-2697 for this. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Sebastian
Current thread:
- CVE Request: hplip/foomatic-filters Sebastian Krahmer (Jul 13)
- Re: CVE Request: hplip/foomatic-filters Jan Lieskovsky (Jul 18)
- Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Jul 28)
- Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Aug 01)
- Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Jul 28)
- Re: CVE Request: hplip/foomatic-filters Jan Lieskovsky (Jul 18)