Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 542158 (CVE-2015-2265) - <net-print/cups-filters-1.0.66: remove_bad_chars() bypass (CVE-2015-2265)
Summary: <net-print/cups-filters-1.0.66: remove_bad_chars() bypass (CVE-2015-2265)
Alias: CVE-2015-2265
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Reported: 2015-03-04 17:43 UTC by Andreas K. Hüttel
Modified: 2015-06-30 14:11 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Andreas K. Hüttel archtester gentoo-dev 2015-03-04 17:43:47 UTC
From the upstream bug report: 

cups-browsed fails to properly sanitise data from the network when creating IPP
printer scripts.
As a result, an attacker can remotely create a script containing arbitrary
commands, which will be executed as the "lp" user when the associated printer
is used.

This is the same vulnerability reported as CVE-2014-2707 but the existing fixes
rely on a string sanitisation function remove_bad_chars() which is not

Fixed in net-print/cups-filters-1.0.66 (just bumped). Let's wait a day for testing and then stabilize.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2015-03-08 14:18:58 UTC
I dont see any bug explosion, so let's do it. 

Arches please stabilize

Target: all stable arches
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-03-09 11:19:29 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2015-03-13 09:26:35 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-03-13 09:27:31 UTC
x86 stable
Comment 5 Markus Meier gentoo-dev 2015-03-14 14:33:37 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-03-25 16:08:13 UTC
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-03-26 11:23:24 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-03-26 11:30:23 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-03-30 09:50:22 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2015-03-30 10:03:05 UTC
alpha stable.

Maintainer(s), please cleanup.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2015-04-22 20:18:10 UTC
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Comment 12 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 16:20:13 UTC
GLSA Vote: No
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2015-05-11 19:36:14 UTC
CVE-2015-2265 (
  The remove_bad_chars function in utils/cups-browsed.c in cups-filters before
  1.0.66 allows remote IPP printers to execute arbitrary commands via
  consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this
  vulnerability exists because of an incomplete fix for CVE-2014-2707.