Vulnerabilities > CVE-2015-8327 - Arbitrary Command Execution vulnerability in cups-filters

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
redhat
linuxfoundation
canonical
debian
nessus
NVD
Published: 2015-12-17
Updated: 2018-10-30

Summary

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. <a href="https://cwe.mitre.org/data/definitions/184.html">CWE-184: Incomplete Blacklist</a>

Vulnerable Configurations

Part Description Count
OS
Redhat
5
OS
Canonical
4
OS
Debian
1
Application
Linuxfoundation
54

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3429.NASL
    descriptionMichal Kowalczyk and Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands.
    last seen2020-06-01
    modified2020-06-02
    plugin id87541
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87541
    titleDebian DSA-3429-1 : foomatic-filters - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0112-1.NASL
    descriptionThis update fixes the following security issues : - CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87913
    published2016-01-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87913
    titleSUSE SLED11 / SLES11 Security Update : foomatic-filters (SUSE-SU-2016:0112-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160323_FOOMATIC_ON_SL6_X.NASL
    descriptionIt was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560)
    last seen2020-03-18
    modified2016-03-24
    plugin id90142
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90142
    titleScientific Linux Security Update : foomatic on SL6.x i386/x86_64 (20160323)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-954.NASL
    descriptionThis update for cups-filters fixes the following issues : - cups-filters-1.0.58-CVE-2015-8327-et_alii.patch adds back tick and semicolon to the list of illegal shell escape characters to fix CVE-2015-8327 and CVE-2015-8560 (boo#957531).
    last seen2020-06-05
    modified2015-12-29
    plugin id87628
    published2015-12-29
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87628
    titleopenSUSE Security Update : cups-filters (openSUSE-2015-954)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0040.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, (CVE-2015-8560) - Prevent foomatic-rip overrun (bug #1214534).
    last seen2020-06-01
    modified2020-06-02
    plugin id90139
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90139
    titleOracleVM 3.3 / 3.4 : foomatic (OVMSA-2016-0040)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2412.NASL
    descriptionAccording to the versions of the foomatic packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.(CVE-2015-8327) - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.(CVE-2015-8560) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131904
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131904
    titleEulerOS 2.0 SP2 : foomatic (EulerOS-SA-2019-2412)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3411.NASL
    descriptionMichal Kowalczyk discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. The oldstable distribution (wheezy) is not affected.
    last seen2020-06-01
    modified2020-06-02
    plugin id87175
    published2015-12-03
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87175
    titleDebian DSA-3411-1 : cups-filters - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0491.NASL
    descriptionFrom Red Hat Security Advisory 2016:0491 : An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90110
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90110
    titleOracle Linux 6 : foomatic (ELSA-2016-0491)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0491.NASL
    descriptionAn updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90120
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90120
    titleCentOS 6 : foomatic (CESA-2016:0491)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0491.NASL
    descriptionAn updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90114
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90114
    titleRHEL 6 : foomatic (RHSA-2016:0491)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0092-1.NASL
    descriptionThis update fixes the following security issue : CVE-2015-8327 adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87910
    published2016-01-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87910
    titleSUSE SLED12 / SLES12 Security Update : cups-filters (SUSE-SU-2016:0092-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2831-2.NASL
    descriptionMichal Kowalczyk discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87238
    published2015-12-08
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87238
    titleUbuntu 12.04 LTS : foomatic-filters vulnerability (USN-2831-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2579.NASL
    descriptionAccording to the versions of the foomatic packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.(CVE-2015-8327) - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.(CVE-2015-8560) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-19
    plugin id132296
    published2019-12-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132296
    titleEulerOS 2.0 SP3 : foomatic (EulerOS-SA-2019-2579)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2831-1.NASL
    descriptionMichal Kowalczyk discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87237
    published2015-12-08
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87237
    titleUbuntu 14.04 LTS / 15.04 / 15.10 : cups-filters vulnerability (USN-2831-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-67.NASL
    descriptionThis update fixes the following security issue : CVE-2015-8327 adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2016-01-25
    plugin id88134
    published2016-01-25
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88134
    titleopenSUSE Security Update : cups-filters (openSUSE-2016-67)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6DBAE1A8A4E611E5B86414DAE9D210B8.NASL
    descriptionSalvatore Bonaccorso reports : Cups Filters/Foomatic Filters does not consider backtick as an illegal escape character.
    last seen2020-06-01
    modified2020-06-02
    plugin id87481
    published2015-12-18
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87481
    titleFreeBSD : cups-filters -- code execution (6dbae1a8-a4e6-11e5-b864-14dae9d210b8)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1964.NASL
    descriptionAccording to the versions of the foomatic packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands.(CVE-2015-8327) - It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands.(CVE-2015-8560) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-23
    plugin id129121
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129121
    titleEulerOS 2.0 SP5 : foomatic (EulerOS-SA-2019-1964)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-365.NASL
    descriptionIt was discovered that there was an injection vulnerability in foomatic-filters which is used by printer spoolers to convert incoming PostScript data into the printer
    last seen2020-03-17
    modified2015-12-10
    plugin id87287
    published2015-12-10
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87287
    titleDebian DLA-365-1 : foomatic-filters security update

Redhat

advisories
rhsa
idRHSA-2016:0491
rpms
  • foomatic-0:4.0.4-5.el6_7
  • foomatic-debuginfo-0:4.0.4-5.el6_7

References