CVE-2015-8560

Severity

75%

Complexity

99%

Confidentiality

106%

CWE-184: Incomplete Blacklist

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

CWE-184: Incomplete Blacklist

CVSS 3.0 Base Score 7.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 8 years ago

2016-04-14 14:59:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.04

15.04

Canonical Ubuntu Linux 15.10

15.10

Debian Linux 8.0 (Jessie)

8.0

linuxfoundation cups-filters 1.0.42

1.0.42

linuxfoundation cups-filters 1.0.43

1.0.43

linuxfoundation cups-filters 1.0.44

1.0.44

linuxfoundation cups-filters 1.0.45

1.0.45

linuxfoundation cups-filters 1.0.46

1.0.46

linuxfoundation cups-filters 1.0.47

1.0.47

linuxfoundation cups-filters 1.0.48

1.0.48

linuxfoundation cups-filters 1.0.49

1.0.49

linuxfoundation cups-filters 1.0.50

1.0.50

Linux Foundation cups-filters 1.0.51

1.0.51

Linux Foundation cups-filters 1.0.52

1.0.52

Linux Foundation cups-filters 1.0.53

1.0.53

Linux Foundation cups-filters 1.0.54

1.0.54

Linux Foundation CUPS-Filters 1.0.55

1.0.55

Linux Foundation CUPS-Filters 1.0.56

1.0.56

Linux Foundation CUPS-Filters 1.0.57

1.0.57

Linux Foundation CUPS-Filters 1.0.58

1.0.58

Linux Foundation CUPS-Filters 1.0.59

1.0.59

Linux Foundation CUPS-Filters 1.0.60

1.0.60

Linux Foundation CUPS-Filters 1.0.61

1.0.61

Linux Foundation CUPS-Filters 1.0.62

1.0.62

Linux Foundation CUPS-Filters 1.0.63

1.0.63

Linux Foundation CUPS-Filters 1.0.64

1.0.64

linuxfoundation cups-filters 1.0.65

1.0.65

Linux Foundation CUPS-Filters 1.0.66

1.0.66

Linux Foundation CUPS-Filters 1.0.67

1.0.67

Linux Foundation CUPS-Filters 1.0.68

1.0.68

Linux Foundation CUPS-Filters 1.0.69

1.0.69

Linux Foundation CUPS-Filters 1.0.70

1.0.70

Linux Foundation CUPS-Filters 1.0.71

1.0.71

Linux Foundation CUPS-Filters 1.0.72

1.0.72

Linux Foundation CUPS-Filters 1.0.73

1.0.73

Linux Foundation CUPS-Filters 1.0.74

1.0.74

Linux Foundation CUPS-Filters 1.0.75

1.0.75

Linux Foundation CUPS-Filters 1.0.76

1.0.76

Linux Foundation CUPS-Filters 1.1.0

1.1.0

Linux Foundation CUPS-Filters 1.2.0

1.2.0

Linux Foundation CUPS-Filters 1.3.0

1.3.0

Linux Foundation CUPS-Filters 4.0.0

4.0.0

Linux Foundation Foomatic-Filters 4.0.1

4.0.1

Linux Foundation Foomatic-Filters 4.0.2

4.0.2

Linux Foundation Foomatic-Filters 4.0.3

4.0.3

Linux Foundation Foomatic-Filters 4.0.4

4.0.4

Linux Foundation Foomatic-Filters 4.0.5

4.0.5

Linux Foundation Foomatic-Filters 4.0.6

4.0.6

Linux Foundation Foomatic-Filters 4.0.7

4.0.7

Linux Foundation Foomatic-Filters 4.0.8

4.0.8

Linux Foundation Foomatic-Filters 4.0.9

4.0.9

Linux Foundation Foomatic-Filters 4.0.10

4.0.10

Linux Foundation Foomatic-Filters 4.0.11

4.0.11

Linux Foundation Foomatic-Filters 4.0.12

4.0.12

Linux Foundation Foomatic-Filters 4.0.13

4.0.13

Linux Foundation Foomatic-Filters 4.0.14

4.0.14

Linux Foundation Foomatic-Filters 4.0.15

4.0.15

Linux Foundation Foomatic-Filters 4.0.16

4.0.16

Linux Foundation Foomatic-Filters 4.0.17

4.0.17

References

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS

Vendor Advisory

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419

RHSA-2016:0491

DSA-3419

DSA-3429

[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character

[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

USN-2838-1

USN-2838-2

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.