Vulnerabilities > CVE-2004-0801
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 | |
| Application | 2 | |
| OS | 2 | |
| OS | 2 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_3_HPLIP-110812.NASL description This update of hplip fixes : - CVE-2004-0801: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): This patch originally affected foomatic-rip in CUPS but was found to be in foomatic-rip-hplip too. last seen 2020-06-01 modified 2020-06-02 plugin id 75526 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75526 title openSUSE Security Update : hplip (openSUSE-SU-2011:0950-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update hplip-4987. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75526); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:41"); script_cve_id("CVE-2004-0801"); script_name(english:"openSUSE Security Update : hplip (openSUSE-SU-2011:0950-1)"); script_summary(english:"Check for the hplip-4987 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of hplip fixes : - CVE-2004-0801: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): This patch originally affected foomatic-rip in CUPS but was found to be in foomatic-rip-hplip too." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=59233" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-08/msg00036.html" ); script_set_attribute( attribute:"solution", value:"Update the affected hplip packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hplip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hplip-hpijs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"hplip-3.10.2-2.5.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"hplip-hpijs-3.10.2-2.5.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "hplip"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-094.NASL description The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of abuse. last seen 2020-06-01 modified 2020-06-02 plugin id 14750 published 2004-09-16 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14750 title Mandrake Linux Security Advisory : printer-drivers (MDKSA-2004:094) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:094. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14750); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0801"); script_xref(name:"MDKSA", value:"2004:094"); script_name(english:"Mandrake Linux Security Advisory : printer-drivers (MDKSA-2004:094)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of abuse." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-drivers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:foomatic-db"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:foomatic-db-engine"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:foomatic-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-module-X"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gimpprint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gimpprint1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gimpprint1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ijs0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ijs0-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgimpprint1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgimpprint1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libijs0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libijs0-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:omni"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:printer-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:printer-testpages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:printer-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"cups-drivers-1.1-138.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"foomatic-db-3.0.1-0.20040828.1.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"foomatic-db-engine-3.0.1-0.20040828.1.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"foomatic-filters-3.0.1-0.20040828.1.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"ghostscript-7.07-19.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"ghostscript-module-X-7.07-19.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"gimpprint-4.2.7-2.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64gimpprint1-4.2.7-2.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64gimpprint1-devel-4.2.7-2.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64ijs0-0.34-76.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64ijs0-devel-0.34-76.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libgimpprint1-4.2.7-2.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libgimpprint1-devel-4.2.7-2.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libijs0-0.34-76.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libijs0-devel-0.34-76.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"printer-filters-1.0-138.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"printer-testpages-1.0-138.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"printer-utils-1.0-138.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"cups-drivers-1.1-116.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"foomatic-db-3.0-1.20030908.3.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"foomatic-db-engine-3.0-1.20030908.3.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"foomatic-filters-3.0-1.20030908.3.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"ghostscript-7.07-0.12.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"ghostscript-module-X-7.07-0.12.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"gimpprint-4.2.5-30.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64gimpprint1-4.2.5-30.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64gimpprint1-devel-4.2.5-30.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64ijs0-0.34-56.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64ijs0-devel-0.34-56.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libgimpprint1-4.2.5-30.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libgimpprint1-devel-4.2.5-30.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libijs0-0.34-56.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libijs0-devel-0.34-56.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"omni-0.7.2-32.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"printer-filters-1.0-116.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"printer-testpages-1.0-116.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"printer-utils-1.0-116.1.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SA_2004_031.NASL description The remote host is missing the patch for the advisory SUSE-SA:2004:031 (cups). The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user last seen 2020-06-01 modified 2020-06-02 plugin id 14730 published 2004-09-15 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14730 title SUSE-SA:2004:031: cups code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:031 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(14730); script_version ("1.13"); script_bugtraq_id(11183, 11184); script_cve_id("CVE-2004-0558", "CVE-2004-0801"); name["english"] = "SUSE-SA:2004:031: cups"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2004:031 (cups). The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/2004_31_cups.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_end_attributes(); summary["english"] = "Check for the version of the cups package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"cups-1.1.15-170", release:"SUSE8.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-libs-1.1.15-170", release:"SUSE8.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-client-1.1.15-170", release:"SUSE8.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-1.1.18-96", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-libs-1.1.18-96", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-client-1.1.18-96", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-1.1.19-93", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-libs-1.1.19-93", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-client-1.1.19-93", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"foomatic-filters-3.0.0-100", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-1.1.20-108.8", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-libs-1.1.20-108.8", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cups-client-1.1.20-108.8", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"foomatic-filters-3.0.1-41.6", release:"SUSE9.1") ) { security_hole(0); exit(0); } if (rpm_exists(rpm:"cups-", release:"SUSE8.1") || rpm_exists(rpm:"cups-", release:"SUSE8.2") || rpm_exists(rpm:"cups-", release:"SUSE9.0") || rpm_exists(rpm:"cups-", release:"SUSE9.1") ) { set_kb_item(name:"CVE-2004-0558", value:TRUE); set_kb_item(name:"CVE-2004-0801", value:TRUE); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200409-24.NASL description The remote host is affected by the vulnerability described in GLSA-200409-24 (Foomatic: Arbitrary command execution in foomatic-rip filter) There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. Impact : This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler (oftentimes the last seen 2020-06-01 modified 2020-06-02 plugin id 14779 published 2004-09-21 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14779 title GLSA-200409-24 : Foomatic: Arbitrary command execution in foomatic-rip filter NASL family SuSE Local Security Checks NASL id SUSE_11_HPLIP-110812.NASL description This update of hplip fixes : - This patch originally affected foomatic-rip in CUPS but was found to be in foomatic-rip-hplip too. (CVE-2004-0801: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)) - The foomatic print filters of the hplip package contained a remote code execution vulnerability. Remote users, if allowed to access a print server such as CUPS, could execute arbitrary commands as lp system user. (CVE-2011-2697: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)) last seen 2020-06-01 modified 2020-06-02 plugin id 55981 published 2011-08-26 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55981 title SuSE 11.1 Security Update : hplip (SAT Patch Number 4989) NASL family SuSE Local Security Checks NASL id SUSE_FOOMATIC-FILTERS-1436.NASL description A Bug in cupsomatic/foomatic-filters that allowed remote printer users to execute arbitrary commands as the uid of the printer daemon has been fixed (CAN-2004-0801). While the same problem was fixed in earlier products, the fix got lost during package upgrade of foomatic-filters. last seen 2020-06-01 modified 2020-06-02 plugin id 27222 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27222 title openSUSE 10 Security Update : foomatic-filters (foomatic-filters-1436) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_026.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:026 (foomatic-filters). A bug in cupsomatic/foomatic-filters that allowed remote printer users to execute arbitrary commands with the UID of the printer daemon has been fixed (CVE-2004-0801). While the same problem was fixed in earlier products, the fix got lost during package upgrade of foomatic-filters for SUSE Linux 9.3. Only SUSE Linux 9.3, 10.0 and 10.1 still contained this bug. last seen 2019-10-28 modified 2006-06-01 plugin id 21622 published 2006-06-01 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21622 title SUSE-SA:2006:026: foomatic-filters NASL family SuSE Local Security Checks NASL id SUSE_11_4_HPLIP-110812.NASL description This update of hplip fixes : - CVE-2004-0801: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): This patch originally affected foomatic-rip in CUPS but was found to be in foomatic-rip-hplip too. last seen 2020-06-01 modified 2020-06-02 plugin id 75861 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75861 title openSUSE Security Update : hplip (openSUSE-SU-2011:0950-1) NASL family Fedora Local Security Checks NASL id FEDORA_2004-303.NASL description Sebastian Krahmer reported a bug in the cupsomatic and foomatic-rip print filters, used by the CUPS print spooler. An attacker who has printing access could send a carefully named file to the print server causing arbitrary commands to be executed as root. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0801 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 14789 published 2004-09-22 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14789 title Fedora Core 2 : foomatic-3.0.1-3.1 (2004-303)
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000880
- http://lists.suse.com/archive/suse-security-announce/2006-May/0007.html
- http://secunia.com/advisories/12557/
- http://secunia.com/advisories/20312
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:094
- http://www.novell.com/linux/security/advisories/2004_31_cups.html
- http://www.securityfocus.com/bid/11184
- http://www.trustix.net/errata/2004/0047/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17388