Nixpkgs Security Tracker

Dismissed

Permalink CVE-2004-2154

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 1 week ago
@LeSuisse removed
68 packages
- apcupsd
- cups-bjnp
- cups-dymo
- carps-cups
- cups-zj-58
- cups-browsed
- cups-filters
- cups-kyocera
- cups-printers
- gutenprintBin
- cups-kyodialog
- cups-pk-helper
- gutenprint-bin
- libcupsfilters
- canon-cups-ufr2
- cups-idprt-tspl
- cups-pdf-to-pdf
- cups-idprt-mt888
- cups-idprt-mt890
- cups-idprt-sp900
- cups-idprt-barcode
- brgenml1cupswrapper
- mfc465cncupswrapper
- cups-brother-dcpt310
- cups-toshiba-estudio
- dcp375cw-cupswrapper
- mfc5890cncupswrapper
- mfcj880dwcupswrapper
- perlPackages.NetCUPS
- mfc9140cdncupswrapper
- mfcj470dw-cupswrapper
- mfcl2700dncupswrapper
- mfcl2720dwcupswrapper
- mfcl2740dwcupswrapper
- perl5Packages.NetCUPS
- magicard-cups-driver
- cups-brother-dcpt725dw
- cups-brother-hl3170cdw
- cups-brother-hll2350dw
- cups-brother-hll2375dw
- cups-kyocera-3500-4500
- dcp9020cdw-cupswrapper
- mfcj6510dw-cupswrapper
- mfcl3770cdwcupswrapper
- mfcl8690cdwcupswrapper
- cups-brother-mfcl2710dw
- cups-brother-mfcl2750dw
- cups-brother-mfcl2800dw
- perl538Packages.NetCUPS
- perl540Packages.NetCUPS
- cups-brother-dcp1610wlpr
- cups-brother-dcpl3550cdw
- python312Packages.pycups
- python313Packages.pycups
- python314Packages.pycups
- mfcj470dwlpr.x86_64-linux
- prometheus-apcupsd-exporter
- cups-kyocera-ecosys-m552x-p502x
- cups-brother-hl1110.x86_64-linux
- cups-brother-hl1210w.x86_64-linux
- cups-brother-hl2260d.x86_64-linux
- cups-brother-hl3140cw.x86_64-linux
- cups-brother-hll2340dw.x86_64-linux
- home-assistant-component-tests.cups
- cups-brother-hll3230cdw.x86_64-linux
- home-assistant-component-tests.apcupsd
- cups-kyocera-ecosys-m2x35-40-p2x35-40dnw
- tests.home-assistant-component-tests.apcupsd
1 month ago
@LeSuisse dismissed 1 month ago

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as …

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

References

SUSE-SR:2005:018 vendor-advisory x_refsource_SUSE
http://www.cups.org/str.php?L700 x_refsource_CONFIRM
RHSA-2005:571 vendor-advisory x_refsource_REDHAT
FLSA:163274 vendor-advisory x_refsource_FEDORA
USN-185-1 vendor-advisory x_refsource_UBUNTU
oval:org.mitre.oval:def:9940 x_refsource_OVAL vdb-entry signature
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 x_refsource_CONFIRM
RHSA-2005:571 vendor-advisory x_refsource_REDHAT
FLSA:163274 vendor-advisory x_refsource_FEDORA
USN-185-1 vendor-advisory x_refsource_UBUNTU
oval:org.mitre.oval:def:9940 x_refsource_OVAL vdb-entry signature
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 x_refsource_CONFIRM
SUSE-SR:2005:018 vendor-advisory x_refsource_SUSE
http://www.cups.org/str.php?L700 x_refsource_CONFIRM
SUSE-SR:2005:018 vendor-advisory x_transferred x_refsource_SUSE
http://www.cups.org/str.php?L700 x_transferred x_refsource_CONFIRM
RHSA-2005:571 vendor-advisory x_refsource_REDHAT x_transferred
FLSA:163274 vendor-advisory x_transferred x_refsource_FEDORA
USN-185-1 vendor-advisory x_transferred x_refsource_UBUNTU
oval:org.mitre.oval:def:9940 x_refsource_OVAL vdb-entry signature x_transferred
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 x_transferred x_refsource_CONFIRM
SUSE-SR:2005:018 vendor-advisory x_refsource_SUSE
http://www.cups.org/str.php?L700 x_refsource_CONFIRM
RHSA-2005:571 vendor-advisory x_refsource_REDHAT
FLSA:163274 vendor-advisory x_refsource_FEDORA
USN-185-1 vendor-advisory x_refsource_UBUNTU
oval:org.mitre.oval:def:9940 x_refsource_OVAL vdb-entry signature
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 x_refsource_CONFIRM
SUSE-SR:2005:018 vendor-advisory x_transferred x_refsource_SUSE
http://www.cups.org/str.php?L700 x_transferred x_refsource_CONFIRM
RHSA-2005:571 vendor-advisory x_refsource_REDHAT x_transferred
FLSA:163274 vendor-advisory x_transferred x_refsource_FEDORA
USN-185-1 vendor-advisory x_transferred x_refsource_UBUNTU
oval:org.mitre.oval:def:9940 x_refsource_OVAL vdb-entry signature x_transferred
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 x_transferred x_refsource_CONFIRM

Affected products

n/a

==n/a

cups

<1.1.21

ubuntu_linux

==4.10

Matching in nixpkgs

pkgs.cups

Standards-based printing system for UNIX

nixos-unstable 2.4.16
- nixpkgs-unstable 2.4.16
- nixos-unstable-small 2.4.16
nixos-25.11 2.4.16
- nixos-25.11-small 2.4.16
- nixpkgs-25.11-darwin 2.4.16

Package maintainers

@matthewbauer Matthew Bauer <mjbauer95@gmail.com>

Old issue. No impact on current stable branch.

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.cups

Package maintainers