ID CVE-2015-8560
Summary Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • linuxfoundation cups-filters 1.0.42
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.42
  • linuxfoundation cups-filters 1.0.43
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.43
  • linuxfoundation cups-filters 1.0.44
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.44
  • linuxfoundation cups-filters 1.0.45
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.45
  • linuxfoundation cups-filters 1.0.46
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.46
  • linuxfoundation cups-filters 1.0.47
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.47
  • linuxfoundation cups-filters 1.0.48
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.48
  • linuxfoundation cups-filters 1.0.49
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.49
  • linuxfoundation cups-filters 1.0.50
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.50
  • Linux Foundation cups-filters 1.0.51
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.51
  • Linux Foundation cups-filters 1.0.52
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.52
  • Linux Foundation cups-filters 1.0.53
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.53
  • Linux Foundation cups-filters 1.0.54
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.54
  • Linux Foundation CUPS-Filters 1.0.55
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.55
  • Linux Foundation CUPS-Filters 1.0.56
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.56
  • Linux Foundation CUPS-Filters 1.0.57
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.57
  • Linux Foundation CUPS-Filters 1.0.58
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.58
  • Linux Foundation CUPS-Filters 1.0.59
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.59
  • Linux Foundation CUPS-Filters 1.0.60
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.60
  • Linux Foundation CUPS-Filters 1.0.61
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.61
  • Linux Foundation CUPS-Filters 1.0.62
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.62
  • Linux Foundation CUPS-Filters 1.0.63
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.63
  • Linux Foundation CUPS-Filters 1.0.64
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.64
  • linuxfoundation cups-filters 1.0.65
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.65
  • Linux Foundation CUPS-Filters 1.0.66
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.66
  • Linux Foundation CUPS-Filters 1.0.67
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.67
  • Linux Foundation CUPS-Filters 1.0.68
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.68
  • Linux Foundation CUPS-Filters 1.0.69
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.69
  • Linux Foundation CUPS-Filters 1.0.70
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.70
  • Linux Foundation CUPS-Filters 1.0.71
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.71
  • Linux Foundation CUPS-Filters 1.0.72
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.72
  • Linux Foundation CUPS-Filters 1.0.73
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.73
  • Linux Foundation CUPS-Filters 1.0.74
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.74
  • Linux Foundation CUPS-Filters 1.0.75
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.75
  • Linux Foundation CUPS-Filters 1.0.76
    cpe:2.3:a:linuxfoundation:cups-filters:1.0.76
  • Linux Foundation CUPS-Filters 1.1.0
    cpe:2.3:a:linuxfoundation:cups-filters:1.1.0
  • Linux Foundation CUPS-Filters 1.2.0
    cpe:2.3:a:linuxfoundation:cups-filters:1.2.0
  • Linux Foundation CUPS-Filters 1.3.0
    cpe:2.3:a:linuxfoundation:cups-filters:1.3.0
  • Linux Foundation Foomatic-Filters 4.0.0
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0
  • Linux Foundation Foomatic-Filters 4.0.1
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1
  • Linux Foundation Foomatic-Filters 4.0.2
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2
  • Linux Foundation Foomatic-Filters 4.0.3
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3
  • Linux Foundation Foomatic-Filters 4.0.4
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4
  • Linux Foundation Foomatic-Filters 4.0.5
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5
  • Linux Foundation Foomatic-Filters 4.0.6
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6
  • Linux Foundation Foomatic-Filters 4.0.7
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7
  • Linux Foundation Foomatic-Filters 4.0.8
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8
  • Linux Foundation Foomatic-Filters 4.0.9
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9
  • Linux Foundation Foomatic-Filters 4.0.10
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10
  • Linux Foundation Foomatic-Filters 4.0.11
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11
  • Linux Foundation Foomatic-Filters 4.0.12
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12
  • Linux Foundation Foomatic-Filters 4.0.13
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13
  • Linux Foundation Foomatic-Filters 4.0.14
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14
  • Linux Foundation Foomatic-Filters 4.0.15
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15
  • Linux Foundation Foomatic-Filters 4.0.16
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16
  • Linux Foundation Foomatic-Filters 4.0.17
    cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17
CVSS
Base: 7.5 (as of 19-04-2016 - 16:07)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0040.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, (CVE-2015-8560) - Prevent foomatic-rip overrun (bug #1214534).
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 90139
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90139
    title OracleVM 3.3 / 3.4 : foomatic (OVMSA-2016-0040)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160323_FOOMATIC_ON_SL6_X.NASL
    description It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 90142
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90142
    title Scientific Linux Security Update : foomatic on SL6.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3429.NASL
    description Michal Kowalczyk and Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87541
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87541
    title Debian DSA-3429-1 : foomatic-filters - security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2838-2.NASL
    description Adam Chester discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87463
    published 2015-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87463
    title Ubuntu 12.04 LTS : foomatic-filters vulnerability (USN-2838-2)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0491.NASL
    description An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90114
    published 2016-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90114
    title RHEL 6 : foomatic (RHSA-2016:0491)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0491.NASL
    description An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90120
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90120
    title CentOS 6 : foomatic (CESA-2016:0491)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-954.NASL
    description This update for cups-filters fixes the following issues : - cups-filters-1.0.58-CVE-2015-8327-et_alii.patch adds back tick and semicolon to the list of illegal shell escape characters to fix CVE-2015-8327 and CVE-2015-8560 (boo#957531).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 87628
    published 2015-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87628
    title openSUSE Security Update : cups-filters (openSUSE-2015-954)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-A108C34086.NASL
    description Fixes CVE-2015-8560 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89343
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89343
    title Fedora 23 : cups-filters-1.4.0-1.fc23 (2015-a108c34086)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0491.NASL
    description From Red Hat Security Advisory 2016:0491 : An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available from the CVE links in the References section. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325) It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560) All foomatic users should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 90110
    published 2016-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90110
    title Oracle Linux 6 : foomatic (ELSA-2016-0491)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3419.NASL
    description Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87383
    published 2015-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87383
    title Debian DSA-3419-1 : cups-filters - security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2838-1.NASL
    description Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87462
    published 2015-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87462
    title Ubuntu 14.04 LTS / 15.04 / 15.10 : cups-filters vulnerability (USN-2838-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-371.NASL
    description Adam Chester discovered that there was an injection vulnerability in foomatic-filters which is used by printer spoolers to convert incoming PostScript data into the printer's native format. This could lead to the execution of arbitrary commands. The patch applied in DLA 365-1 prevented usage of (unescaped) backticks and this update complements the previous update by doing the same for semi-colons. For Debian 6 Squeeze, this issue has been fixed in foomatic-filters version 4.0.5-6+squeeze2+deb6u12. (Thanks to Yann Soubeyrand who prepared the updated Debian package) NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 87508
    published 2015-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87508
    title Debian DLA-371-1 : foomatic-filters security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-998911CF3F.NASL
    description Fixes CVE-2015-8560 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89336
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89336
    title Fedora 22 : cups-filters-1.4.0-1.fc22 (2015-998911cf3f)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0112-1.NASL
    description This update fixes the following security issues : - CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87913
    published 2016-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87913
    title SUSE SLED11 / SLES11 Security Update : foomatic-filters (SUSE-SU-2016:0112-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-690.NASL
    description It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. (CVE-2015-8560) It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. (CVE-2010-5325)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 90632
    published 2016-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90632
    title Amazon Linux AMI : foomatic (ALAS-2016-690)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7329938BA4E611E5B86414DAE9D210B8.NASL
    description Till Kamppeter reports : Cups Filters/Foomatic Filters does not consider semicolon as an illegal escape character.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 87482
    published 2015-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87482
    title FreeBSD : cups-filters -- code execution (7329938b-a4e6-11e5-b864-14dae9d210b8)
redhat via4
advisories
bugzilla
id 1291227
title CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character
oval
AND
  • comment foomatic is earlier than 0:4.0.4-5.el6_7
    oval oval:com.redhat.rhsa:tst:20160491005
  • comment foomatic is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20111110006
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
rhsa
id RHSA-2016:0491
released 2016-03-22
severity Moderate
title RHSA-2016:0491: foomatic security update (Moderate)
rpms foomatic-0:4.0.4-5.el6_7
refmap via4
confirm
debian
  • DSA-3419
  • DSA-3429
mlist
  • [oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character
  • [oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character
ubuntu
  • USN-2838-1
  • USN-2838-2
Last major update 03-10-2016 - 22:06
Published 14-04-2016 - 10:59
Last modified 30-10-2018 - 12:27