CVE-2014-2707: OS Command Injection
First published: Wed Apr 02 2014(Updated: )
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/cups-filters | <1.0.51 | 1.0.51 |
| CUPS Filters | =1.0.41 | |
| CUPS Filters | =1.0.42 | |
| CUPS Filters | =1.0.43 | |
| CUPS Filters | =1.0.44 | |
| CUPS Filters | =1.0.45 | |
| CUPS Filters | =1.0.46 | |
| CUPS Filters | =1.0.47 | |
| CUPS Filters | =1.0.48 | |
| CUPS Filters | =1.0.49 | |
| CUPS Filters | =1.0.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html
- http://seclists.org/oss-sec/2014/q2/13
- http://secunia.com/advisories/57530
- http://www.ubuntu.com/usn/USN-2210-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1083326
- http://seclists.org/oss-sec/2014/q2/3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1083327
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7189
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7116
- https://access.redhat.com/security/cve/CVE-2014-2707
- http://www.openwall.com/lists/oss-security/2014/04/02/6
- https://bugzilla.novell.com/show_bug.cgi?id=871327
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1083326#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1091565
Frequently Asked Questions
What is the severity of CVE-2014-2707?
CVE-2014-2707 has a high severity rating due to its ability to allow remote IPP printers to execute arbitrary commands.
How do I fix CVE-2014-2707?
To fix CVE-2014-2707, upgrade the cups-filters package to version 1.0.51 or later.
Which versions of cups-filters are affected by CVE-2014-2707?
CVE-2014-2707 affects cups-filters versions from 1.0.41 to 1.0.50.
What is the impact of CVE-2014-2707?
The impact of CVE-2014-2707 is the potential execution of arbitrary commands on the system, which poses a significant security risk.
Who is responsible for releasing a patch for CVE-2014-2707?
The Linux Foundation is responsible for releasing updates to the cups-filters package that address CVE-2014-2707.
- agent/type
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-2707
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/linuxfoundation
- canonical/cups filters
- version/cups filters/1.0.41
- version/cups filters/1.0.42
- version/cups filters/1.0.43
- version/cups filters/1.0.44
- version/cups filters/1.0.45
- version/cups filters/1.0.46
- version/cups filters/1.0.47
- version/cups filters/1.0.48
- version/cups filters/1.0.49
- version/cups filters/1.0.50