low
2.1
CWE
NVD-CWE-Other
Advisory Published
Updated

CVE-2004-1270

First published: Wed Dec 22 2004(Updated: )

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
CUPS (Common UNIX Printing System)=1.0.4
CUPS (Common UNIX Printing System)=1.0.4_8
CUPS (Common UNIX Printing System)=1.1.1
CUPS (Common UNIX Printing System)=1.1.4
CUPS (Common UNIX Printing System)=1.1.4_2
CUPS (Common UNIX Printing System)=1.1.4_3
CUPS (Common UNIX Printing System)=1.1.4_5
CUPS (Common UNIX Printing System)=1.1.6
CUPS (Common UNIX Printing System)=1.1.7
CUPS (Common UNIX Printing System)=1.1.10
CUPS (Common UNIX Printing System)=1.1.12
CUPS (Common UNIX Printing System)=1.1.13
CUPS (Common UNIX Printing System)=1.1.14
CUPS (Common UNIX Printing System)=1.1.15
CUPS (Common UNIX Printing System)=1.1.16
CUPS (Common UNIX Printing System)=1.1.17
CUPS (Common UNIX Printing System)=1.1.18
CUPS (Common UNIX Printing System)=1.1.19
CUPS (Common UNIX Printing System)=1.1.19_rc5
CUPS (Common UNIX Printing System)=1.1.20
CUPS (Common UNIX Printing System)=1.1.21
CUPS (Common UNIX Printing System)=1.1.22_rc1
Red Hat Fedora Core=core_2.0
Red Hat Fedora Core=core_3.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2004-1270?

    CVE-2004-1270 has been classified with a moderate severity due to its potential impact on local users.

  • How do I fix CVE-2004-1270?

    To mitigate CVE-2004-1270, ensure that file descriptors 0, 1, and 2 are correctly managed when running lppasswd.

  • What systems are affected by CVE-2004-1270?

    CVE-2004-1270 affects various versions of CUPS, specifically from 1.0.4 to 1.1.22.

  • Can CVE-2004-1270 be exploited remotely?

    CVE-2004-1270 is considered a local vulnerability, meaning it requires local user access for exploitation.

  • Is there a patch available for CVE-2004-1270?

    Yes, users should update to a fixed version of CUPS beyond 1.1.22 to eliminate the vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203