What is the severity of CVE-2004-2154?

CVE-2004-2154 is considered a moderate severity vulnerability as it allows attackers to bypass access control lists.

How do I fix CVE-2004-2154?

To fix CVE-2004-2154, upgrade to CUPS version 1.1.21rc1 or later which addresses this case sensitivity issue.

Which versions of CUPS are affected by CVE-2004-2154?

CVE-2004-2154 affects CUPS versions prior to 1.1.21rc1, including versions 1.0.4, 1.1.19, and earlier.

What could happen if CVE-2004-2154 is exploited?

Exploitation of CVE-2004-2154 could lead to unauthorized access to printers managed by CUPS, potentially allowing attackers to print arbitrary documents.

What does CVE-2004-2154 specifically affect in CUPS?

CVE-2004-2154 specifically affects the case sensitivity of the Location directive in cupsd.conf, allowing for bypassing of intended ACLs.

Vulnerability/
CVE-2004-2154

critical

9.8

CWE

NVD-CWE-Other 178

31/12/2004

5/7/2005

8/8/2024

CVE-2004-2154

First published: Fri Dec 31 2004(Updated: )

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
CUPS (Common UNIX Printing System)	=1.1.19_rc5
CUPS (Common UNIX Printing System)	=1.1.10
CUPS (Common UNIX Printing System)	=1.1.16
CUPS (Common UNIX Printing System)	=1.1.7
CUPS (Common UNIX Printing System)	=1.0.4_8
CUPS (Common UNIX Printing System)	=1.1.15
CUPS (Common UNIX Printing System)	=1.1.13
CUPS (Common UNIX Printing System)	=1.1.17
CUPS (Common UNIX Printing System)	=1.1.4_3
CUPS (Common UNIX Printing System)	=1.1.4
CUPS (Common UNIX Printing System)	=1.1.12
CUPS (Common UNIX Printing System)	=1.1.4_5
CUPS (Common UNIX Printing System)	=1.1.1
CUPS (Common UNIX Printing System)	=1.1.20
CUPS (Common UNIX Printing System)	=1.1.18
CUPS (Common UNIX Printing System)	=1.1.19
CUPS (Common UNIX Printing System)	=1.0.4
CUPS (Common UNIX Printing System)	=1.1.14
CUPS (Common UNIX Printing System)	=1.1.4_2
CUPS (Common UNIX Printing System)	=1.1.6
CUPS	<1.1.21
CUPS	=1.1.21
Ubuntu	=4.10

Remedy

http://www.cups.org/str.php?L700

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-2154?
CVE-2004-2154 is considered a moderate severity vulnerability as it allows attackers to bypass access control lists.
How do I fix CVE-2004-2154?
To fix CVE-2004-2154, upgrade to CUPS version 1.1.21rc1 or later which addresses this case sensitivity issue.
Which versions of CUPS are affected by CVE-2004-2154?
CVE-2004-2154 affects CUPS versions prior to 1.1.21rc1, including versions 1.0.4, 1.1.19, and earlier.
What could happen if CVE-2004-2154 is exploited?
Exploitation of CVE-2004-2154 could lead to unauthorized access to printers managed by CUPS, potentially allowing attackers to print arbitrary documents.
What does CVE-2004-2154 specifically affect in CUPS?
CVE-2004-2154 specifically affects the case sensitivity of the Location directive in cupsd.conf, allowing for bypassing of intended ACLs.

agent/type
agent/first-publish-date
agent/remedy
agent/severity
agent/weakness
agent/references
agent/description
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
collector/nvd-historical
vendor/easy software products
product/cups
agent/software-canonical-lookup-request
collector/nvd-index
agent/author
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/softwarecombine
canonical/cups (common unix printing system)
version/cups (common unix printing system)/1.1.19_rc5
version/cups (common unix printing system)/1.1.10
version/cups (common unix printing system)/1.1.16
version/cups (common unix printing system)/1.1.7
version/cups (common unix printing system)/1.0.4_8
version/cups (common unix printing system)/1.1.15
version/cups (common unix printing system)/1.1.13
version/cups (common unix printing system)/1.1.17
version/cups (common unix printing system)/1.1.4_3
version/cups (common unix printing system)/1.1.4
version/cups (common unix printing system)/1.1.12
version/cups (common unix printing system)/1.1.4_5
version/cups (common unix printing system)/1.1.1
version/cups (common unix printing system)/1.1.20
version/cups (common unix printing system)/1.1.18
version/cups (common unix printing system)/1.1.19
version/cups (common unix printing system)/1.0.4
version/cups (common unix printing system)/1.1.14
version/cups (common unix printing system)/1.1.4_2
version/cups (common unix printing system)/1.1.6
vendor/apple
canonical/cups
version/cups/1.1.21
vendor/canonical
canonical/ubuntu
version/ubuntu/4.10