Vulnerability Details : CVE-2004-1270
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
Exploit prediction scoring system (EPSS) score for CVE-2004-1270
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-1270
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
References for CVE-2004-1270
- http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11507
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:008
- https://usn.ubuntu.com/50-1/
- http://www.redhat.com/support/errata/RHSA-2005-053.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/18609
-
http://tigger.uic.edu/~jlongs2/holes/cups2.txt
Exploit;Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-013.html
Products affected by CVE-2004-1270
- cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*