Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

Vulnerability IntelligenceCVE-2015-8327

CVE-2015-8327

UNKNOWN

Incomplete blacklist vulnerability in util

Published Dec 17, 2015

Modified 1 years ago

Details

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

References

WEB

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS

WEB

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406

ADVISORY

http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html

ADVISORY

http://rhn.redhat.com/errata/RHSA-2016-0491.html

ADVISORY

http://www.debian.org/security/2015/dsa-3411

ADVISORY

http://www.debian.org/security/2015/dsa-3429

WEB

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

WEB

http://www.securityfocus.com/bid/78524

ADVISORY

http://www.ubuntu.com/usn/USN-2831-1

ADVISORY

http://www.ubuntu.com/usn/USN-2831-2

WEB

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886

WEB

https://lists.debian.org/debian-printing/2015/11/msg00020.html

WEB

https://lists.debian.org/debian-printing/2015/12/msg00001.html

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2015-8327

CVSS Analysis

CVSS v2.0

7.5

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

PartialA:P

7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ecosystems

Timeline

PublishedDec 17, 2015

ModifiedAug 6, 2024

CVE-2015-8327 | Mondoo Vulnerability Intelligence