Vulnerabilities > CVE-2015-8560

047910
CVSS 7.3 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
network
low complexity
canonical
debian
linuxfoundation
nessus

Summary

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

Vulnerable Configurations

Part Description Count
OS
Canonical
4
OS
Debian
1
Application
Linuxfoundation
56

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3429.NASL
    descriptionMichal Kowalczyk and Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands.
    last seen2020-06-01
    modified2020-06-02
    plugin id87541
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87541
    titleDebian DSA-3429-1 : foomatic-filters - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0112-1.NASL
    descriptionThis update fixes the following security issues : - CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87913
    published2016-01-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87913
    titleSUSE SLED11 / SLES11 Security Update : foomatic-filters (SUSE-SU-2016:0112-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160323_FOOMATIC_ON_SL6_X.NASL
    descriptionIt was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560)
    last seen2020-03-18
    modified2016-03-24
    plugin id90142
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90142
    titleScientific Linux Security Update : foomatic on SL6.x i386/x86_64 (20160323)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-954.NASL
    descriptionThis update for cups-filters fixes the following issues : - cups-filters-1.0.58-CVE-2015-8327-et_alii.patch adds back tick and semicolon to the list of illegal shell escape characters to fix CVE-2015-8327 and CVE-2015-8560 (boo#957531).
    last seen2020-06-05
    modified2015-12-29
    plugin id87628
    published2015-12-29
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87628
    titleopenSUSE Security Update : cups-filters (openSUSE-2015-954)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0040.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, (CVE-2015-8560) - Prevent foomatic-rip overrun (bug #1214534).
    last seen2020-06-01
    modified2020-06-02
    plugin id90139
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90139
    titleOracleVM 3.3 / 3.4 : foomatic (OVMSA-2016-0040)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2412.NASL
    descriptionAccording to the versions of the foomatic packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.(CVE-2015-8327) - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.(CVE-2015-8560) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131904
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131904
    titleEulerOS 2.0 SP2 : foomatic (EulerOS-SA-2019-2412)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7329938BA4E611E5B86414DAE9D210B8.NASL
    descriptionTill Kamppeter reports : Cups Filters/Foomatic Filters does not consider semicolon as an illegal escape character.
    last seen2020-06-01
    modified2020-06-02
    plugin id87482
    published2015-12-18
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87482
    titleFreeBSD : cups-filters -- code execution (7329938b-a4e6-11e5-b864-14dae9d210b8)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3419.NASL
    descriptionAdam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands.
    last seen2020-06-01
    modified2020-06-02
    plugin id87383
    published2015-12-16
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87383
    titleDebian DSA-3419-1 : cups-filters - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2838-2.NASL
    descriptionAdam Chester discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87463
    published2015-12-17
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87463
    titleUbuntu 12.04 LTS : foomatic-filters vulnerability (USN-2838-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0491.NASL
    descriptionFrom Red Hat Security Advisory 2016:0491 : An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90110
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90110
    titleOracle Linux 6 : foomatic (ELSA-2016-0491)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0491.NASL
    descriptionAn updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90120
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90120
    titleCentOS 6 : foomatic (CESA-2016:0491)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0491.NASL
    descriptionAn updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90114
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90114
    titleRHEL 6 : foomatic (RHSA-2016:0491)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2838-1.NASL
    descriptionAdam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87462
    published2015-12-17
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87462
    titleUbuntu 14.04 LTS / 15.04 / 15.10 : cups-filters vulnerability (USN-2838-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-A108C34086.NASL
    descriptionFixes CVE-2015-8560 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89343
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89343
    titleFedora 23 : cups-filters-1.4.0-1.fc23 (2015-a108c34086)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-371.NASL
    descriptionAdam Chester discovered that there was an injection vulnerability in foomatic-filters which is used by printer spoolers to convert incoming PostScript data into the printer
    last seen2020-03-17
    modified2015-12-21
    plugin id87508
    published2015-12-21
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87508
    titleDebian DLA-371-1 : foomatic-filters security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2579.NASL
    descriptionAccording to the versions of the foomatic packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.(CVE-2015-8327) - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.(CVE-2015-8560) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-19
    plugin id132296
    published2019-12-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132296
    titleEulerOS 2.0 SP3 : foomatic (EulerOS-SA-2019-2579)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-690.NASL
    descriptionIt was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8560) It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325)
    last seen2020-06-01
    modified2020-06-02
    plugin id90632
    published2016-04-22
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90632
    titleAmazon Linux AMI : foomatic (ALAS-2016-690)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-998911CF3F.NASL
    descriptionFixes CVE-2015-8560 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89336
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89336
    titleFedora 22 : cups-filters-1.4.0-1.fc22 (2015-998911cf3f)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1964.NASL
    descriptionAccording to the versions of the foomatic packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands.(CVE-2015-8327) - It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands.(CVE-2015-8560) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-23
    plugin id129121
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129121
    titleEulerOS 2.0 SP5 : foomatic (EulerOS-SA-2019-1964)

Redhat

advisories
bugzilla
id1291227
titleCVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • commentfoomatic is earlier than 0:4.0.4-5.el6_7
      ovaloval:com.redhat.rhsa:tst:20160491001
    • commentfoomatic is signed with Red Hat redhatrelease2 key
      ovaloval:com.redhat.rhsa:tst:20111110002
rhsa
idRHSA-2016:0491
released2016-03-22
severityModerate
titleRHSA-2016:0491: foomatic security update (Moderate)
rpms
  • foomatic-0:4.0.4-5.el6_7
  • foomatic-debuginfo-0:4.0.4-5.el6_7