CVE-2014-4338
Summary
| CVE | CVE-2014-4338 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-06-22 21:55:00 UTC |
| Updated | 2018-01-08 15:22:00 UTC |
| Description | cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Linuxfoundation | Cups-filters | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 1204 – cups-browsed: unsupported BrowseAllow value lets cups-browsed accept from all hosts | CONFIRM | bugs.linuxfoundation.org | Third Party Advisory |
| oss-security - Re: cups-browsed remote exploit | MLIST | openwall.com | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| oss-security - Re: Re: cups-browsed remote exploit | MLIST | openwall.com | Mailing List, Third Party Advisory |
| Security Advisory SA62044 - Red Hat update for cups-filters - Secunia | SECUNIA | secunia.com | Permissions Required |
| cups-filters CVE-2014-4338 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.