Juniper Networks

Signature Detail


  • Short Name: APP:CUPS:COMMAND-CHAR
  • Severity: High
  • Recommended: No
  • Recommended Action: Drop
  • Category: APP
  • Keywords: CUPS Command Shell Escape Character
  • Release Date: 2005/03/02
  • Update Number: 1213
  • Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: CUPS Command Shell Escape Character


This signature detects attempts to exploit a known vulnerability in the foomatic-rip filter installed with the Common Unix Printing System (CUPS). Because the filter does not sufficiently check command-line parameters and environment variables, attackers can execute commands on a remote print server with the permissions of the spoold user.

Extended Description

Reportedly, the LinuxPrinting.org Foomatic-Filter is affected by an arbitrary command-execution vulnerability. Although unconfirmed, this issue is likely due to the affected script's failure to properly validate input when issuing shell commands. An attacker may exploit this issue to execute arbitrary commands as the printer user on a computer running the vulnerable software.

Affected Products

  • Conectiva Linux 10.0.0
  • Conectiva Linux 9.0.0
  • LinuxPrinting.org Foomatic-Filters 3.0.0
  • LinuxPrinting.org Foomatic-Filters 3.0.1
  • LinuxPrinting.org Foomatic-Filters 3.0.2
  • LinuxPrinting.org Foomatic-Filters 3.1.0
  • Sun Java Desktop System (JDS) 2.0.0
  • Sun Java Desktop System (JDS) 2003
  • SuSE Linux 8.1.0
  • SuSE Linux Desktop 1.0.0
  • SuSE Linux Personal 10.0.0 OSS
  • SuSE Linux Personal 10.1
  • SuSE Linux Personal 8.2.0
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.3.0
  • SuSE Linux Personal 9.3.0 X86 64
  • SuSE Linux Professional 10.0.0
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 10.1
  • SuSE Linux Professional 9.3.0
  • SuSE Linux Professional 9.3.0 X86 64
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • Trustix Secure Enterprise Linux 2.0.0
  • Trustix Secure Linux 2.0.0
  • Trustix Secure Linux 2.1.0

References

  • BugTraq: 11184
  • CVE: CVE-2004-0801
  • URL: http://www.gentoo.org/security/en/glsa/glsa-200409-24.xml
  • URL: http://www.securityfocus.com/bid/11184

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.