DEBIAN-CVE-2004-1270

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2004-1270

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2004-1270.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2004-1270

Upstream

CVE-2004-1270

Published

2005-01-10T05:00:00Z

Modified

2025-09-19T06:21:17Z

Summary

[none]

Details

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

References

https://security-tracker.debian.org/tracker/CVE-2004-1270

Affected packages

Debian:11 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.22-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.22-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.22-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.22-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}