CVE-2014-2707 Detail

CVE-2014-2707

CVE Descriptions

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	8.3		AV:A/AC:L/Au:N/C:C/I:C/A:C	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Linuxfoundation>>Cups-filters >> Version 1.0.41

Linuxfoundation>>Cups-filters >> Version 1.0.41 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.42

Linuxfoundation>>Cups-filters >> Version 1.0.42 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.43

Linuxfoundation>>Cups-filters >> Version 1.0.43 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.44

Linuxfoundation>>Cups-filters >> Version 1.0.44 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.45

Linuxfoundation>>Cups-filters >> Version 1.0.45 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.46

Linuxfoundation>>Cups-filters >> Version 1.0.46 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.47

Linuxfoundation>>Cups-filters >> Version 1.0.47 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.48

Linuxfoundation>>Cups-filters >> Version 1.0.48 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.49

Linuxfoundation>>Cups-filters >> Version 1.0.49 (Open CPE detail)

Linuxfoundation>>Cups-filters >> Version 1.0.50

Linuxfoundation>>Cups-filters >> Version 1.0.50 (Open CPE detail)

References

http://secunia.com/advisories/57530
Tags : third-party-advisory, x_refsource_SECUNIA

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS
Tags : x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html
Tags : vendor-advisory, x_refsource_FEDORA

http://seclists.org/oss-sec/2014/q2/13
Tags : mailing-list, x_refsource_MLIST

http://www.ubuntu.com/usn/USN-2210-1
Tags : vendor-advisory, x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=1083326
Tags : x_refsource_CONFIRM

CVE-2014-2707 : Detail