Vulnerability Description
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Enterprise Linux Desktop | 6.0 |
| Red Hat | Enterprise Linux HPC Node | 6.0 |
| Red Hat | Enterprise Linux Server | 6.0 |
| Red Hat | Enterprise Linux Server EUS | 6.7.z |
| Red Hat | Enterprise Linux Workstation | 6.0 |
| Linux Foundation | Foomatic-Filters | 4.0.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Linux Foundation | Cups-Filters | 1.0.42 |
| Debian | Debian Linux | 8.0 |
References
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/hea (Vendor Advisory)
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/740
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html
- http://rhn.redhat.com/errata/RHSA-2016-0491.html
- http://www.debian.org/security/2015/dsa-3411
- http://www.debian.org/security/2015/dsa-3429
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.h
- http://www.securityfocus.com/bid/78524
- http://www.ubuntu.com/usn/USN-2831-1
- http://www.ubuntu.com/usn/USN-2831-2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886
- https://lists.debian.org/debian-printing/2015/11/msg00020.html
- https://lists.debian.org/debian-printing/2015/12/msg00001.html
FAQ
What is CVE-2015-8327?
CVE-2015-8327 is a vulnerability with a CVSS score of 7.5 (HIGH). Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
How severe is CVE-2015-8327?
CVE-2015-8327 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-8327?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat Enterprise Linux Desktop, Red Hat Enterprise Linux HPC Node, Red Hat Enterprise Linux Server, Red Hat Enterprise Linux Server EUS, Red Hat Enterprise Linux Workstation.