ID CVE-2015-8327
Summary Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • Red Hat Enterprise Linux HPC Node 6.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • Linux Foundation CUPS-Filters 4.0.0
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0
  • Linux Foundation Foomatic-Filters 4.0.1
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1
  • Linux Foundation Foomatic-Filters 4.0.2
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2
  • Linux Foundation Foomatic-Filters 4.0.3
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3
  • Linux Foundation Foomatic-Filters 4.0.4
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4
  • Linux Foundation Foomatic-Filters 4.0.5
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5
  • Linux Foundation Foomatic-Filters 4.0.6
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6
  • Linux Foundation Foomatic-Filters 4.0.7
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7
  • Linux Foundation Foomatic-Filters 4.0.8
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8
  • Linux Foundation Foomatic-Filters 4.0.9
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9
  • Linux Foundation Foomatic-Filters 4.0.10
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10
  • Linux Foundation Foomatic-Filters 4.0.11
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11
  • Linux Foundation Foomatic-Filters 4.0.12
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12
  • Linux Foundation Foomatic-Filters 4.0.13
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13
  • Linux Foundation Foomatic-Filters 4.0.14
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14
  • Linux Foundation Foomatic-Filters 4.0.15
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15
  • Linux Foundation Foomatic-Filters 4.0.16
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16
  • Linux Foundation Foomatic-Filters 4.0.17
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • linuxfoundation cups-filters 1.0.42
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.42
  • linuxfoundation cups-filters 1.0.43
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.43
  • linuxfoundation cups-filters 1.0.44
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.44
  • linuxfoundation cups-filters 1.0.45
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.45
  • linuxfoundation cups-filters 1.0.46
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.46
  • linuxfoundation cups-filters 1.0.47
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.47
  • linuxfoundation cups-filters 1.0.48
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.48
  • linuxfoundation cups-filters 1.0.49
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.49
  • linuxfoundation cups-filters 1.0.50
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.50
  • Linux Foundation cups-filters 1.0.51
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.51
  • Linux Foundation cups-filters 1.0.52
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.52
  • Linux Foundation cups-filters 1.0.53
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.53
  • Linux Foundation cups-filters 1.0.54
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.54
  • Linux Foundation CUPS-Filters 1.0.55
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.55
  • Linux Foundation CUPS-Filters 1.0.56
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.56
  • Linux Foundation CUPS-Filters 1.0.57
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.57
  • Linux Foundation CUPS-Filters 1.0.58
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.58
  • Linux Foundation CUPS-Filters 1.0.59
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.59
  • Linux Foundation CUPS-Filters 1.0.60
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.60
  • Linux Foundation CUPS-Filters 1.0.61
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.61
  • Linux Foundation CUPS-Filters 1.0.62
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.62
  • Linux Foundation CUPS-Filters 1.0.63
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.63
  • Linux Foundation CUPS-Filters 1.0.64
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.64
  • linuxfoundation cups-filters 1.0.65
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.65
  • Linux Foundation CUPS-Filters 1.0.66
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.66
  • Linux Foundation CUPS-Filters 1.0.67
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.67
  • Linux Foundation CUPS-Filters 1.0.68
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.68
  • Linux Foundation CUPS-Filters 1.0.69
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.69
  • Linux Foundation CUPS-Filters 1.0.70
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.70
  • Linux Foundation CUPS-Filters 1.0.71
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.71
  • Linux Foundation CUPS-Filters 1.0.72
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.72
  • Linux Foundation CUPS-Filters 1.0.73
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.73
  • Linux Foundation CUPS-Filters 1.0.74
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.74
  • Linux Foundation CUPS-Filters 1.0.75
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.75
  • Linux Foundation CUPS-Filters 1.0.76
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.76
  • Linux Foundation CUPS-Filters 1.1.0
    cpe:2.3:a:linuxfoundation:cups-filters:1.1.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 7.5 (as of 28-06-2016 - 11:13)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0092-1.NASL
    description This update fixes the following security issue : CVE-2015-8327 adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87910
    published 2016-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87910
    title SUSE SLED12 / SLES12 Security Update : cups-filters (SUSE-SU-2016:0092-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0040.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, (CVE-2015-8560) - Prevent foomatic-rip overrun (bug #1214534).
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 90139
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90139
    title OracleVM 3.3 / 3.4 : foomatic (OVMSA-2016-0040)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3411.NASL
    description Michal Kowalczyk discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. The oldstable distribution (wheezy) is not affected.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87175
    published 2015-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87175
    title Debian DSA-3411-1 : cups-filters - security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6DBAE1A8A4E611E5B86414DAE9D210B8.NASL
    description Salvatore Bonaccorso reports : Cups Filters/Foomatic Filters does not consider backtick as an illegal escape character.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 87481
    published 2015-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87481
    title FreeBSD : cups-filters -- code execution (6dbae1a8-a4e6-11e5-b864-14dae9d210b8)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2831-1.NASL
    description Michal Kowalczyk discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87237
    published 2015-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87237
    title Ubuntu 14.04 LTS / 15.04 / 15.10 : cups-filters vulnerability (USN-2831-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160323_FOOMATIC_ON_SL6_X.NASL
    description It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 90142
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90142
    title Scientific Linux Security Update : foomatic on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-67.NASL
    description This update fixes the following security issue : CVE-2015-8327 adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-01-25
    plugin id 88134
    published 2016-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88134
    title openSUSE Security Update : cups-filters (openSUSE-2016-67)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3429.NASL
    description Michal Kowalczyk and Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87541
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87541
    title Debian DSA-3429-1 : foomatic-filters - security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2831-2.NASL
    description Michal Kowalczyk discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87238
    published 2015-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87238
    title Ubuntu 12.04 LTS : foomatic-filters vulnerability (USN-2831-2)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-365.NASL
    description It was discovered that there was an injection vulnerability in foomatic-filters which is used by printer spoolers to convert incoming PostScript data into the printer's native format. For Debian 6 Squeeze, this issue has been fixed in foomatic-filters version 4.0.5-6+squeeze2+deb6u11 NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 87287
    published 2015-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87287
    title Debian DLA-365-1 : foomatic-filters security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0491.NASL
    description An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90114
    published 2016-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90114
    title RHEL 6 : foomatic (RHSA-2016:0491)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0491.NASL
    description An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90120
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90120
    title CentOS 6 : foomatic (CESA-2016:0491)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-954.NASL
    description This update for cups-filters fixes the following issues : - cups-filters-1.0.58-CVE-2015-8327-et_alii.patch adds back tick and semicolon to the list of illegal shell escape characters to fix CVE-2015-8327 and CVE-2015-8560 (boo#957531).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 87628
    published 2015-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87628
    title openSUSE Security Update : cups-filters (openSUSE-2015-954)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0491.NASL
    description From Red Hat Security Advisory 2016:0491 : An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 90110
    published 2016-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90110
    title Oracle Linux 6 : foomatic (ELSA-2016-0491)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0112-1.NASL
    description This update fixes the following security issues : - CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87913
    published 2016-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87913
    title SUSE SLED11 / SLES11 Security Update : foomatic-filters (SUSE-SU-2016:0112-1)
redhat via4
advisories
rhsa
id RHSA-2016:0491
rpms foomatic-0:4.0.4-5.el6_7
refmap via4
bid 78524
confirm
debian
  • DSA-3411
  • DSA-3429
mlist
  • [debian-printing] 20151126 cups-filters 1.2.0 released!
  • [debian-printing] 20151201 Re: cups-filters 1.2.0 released!
suse openSUSE-SU-2016:0179
ubuntu
  • USN-2831-1
  • USN-2831-2
Last major update 07-12-2016 - 13:26
Published 17-12-2015 - 14:59
Last modified 30-10-2018 - 12:27