Vulnerability Information
Vulnerability Title
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
Vulnerability Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.
CVSS Information
N/A
Vulnerability Type
Improper Input Validation
Vulnerability Title
OpenPrinting CUPS Input Validation Error Vulnerability
Vulnerability Description
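OpenPrinting CUPS is a standards-based, open source printing system from OpenPrinting for Linux® and other Unix®-like operating systems. OpenPrinting CUPS versions 2.4.16 and earlier contain an input validation error vulnerability. In a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to the shared PostScript queue, which may cause the server to execute an attacker-chosen existing binary.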
CVSS Information
N/A
Vulnerability Type
N/A
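The description names two preconditions: a network-exposed cupsd and a shared queue. The following added example (not code from this page or from the CUPS project) checks configuration text for both; it assumes the standard `Listen`/`Port` directives in cupsd.conf and `Shared Yes` entries in printers.conf, uses constructed sample input, and does not evaluate `<Location>` access rules or whether a queue is PostScript.

```python
import ipaddress
import re

# Constructed sample files (not from a real host or from the CUPS project).
SAMPLE_CUPSD_CONF = """\
Listen localhost:631
Listen 0.0.0.0:631   # reachable from the network
"""
SAMPLE_PRINTERS_CONF = """\
<DefaultPrinter office-ps>
Shared Yes
</DefaultPrinter>
"""

def network_listeners(cupsd_conf):
    """Listen/Port directives that bind beyond loopback or a UNIX socket."""
    exposed = []
    for raw in cupsd_conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) != 2:
            continue
        directive, value = parts[0].lower(), parts[1]
        if directive == "port":  # Port listens on every interface
            exposed.append(" ".join(parts))
        elif directive == "listen" and not value.startswith("/"):
            host = value.rsplit(":", 1)[0].strip("[]")
            try:
                local = host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
            except ValueError:
                local = False  # "*" or a hostname: treat as network-reachable
            if not local:
                exposed.append(" ".join(parts))
    return exposed

def shared_queues(printers_conf):
    """Names of queues whose printers.conf block contains 'Shared Yes'."""
    shared, current = [], None
    for line in map(str.strip, printers_conf.splitlines()):
        opened = re.match(r"<(?:Default)?Printer\s+([^>]+)>$", line)
        if opened:
            current = opened.group(1)
        elif line.startswith("</"):
            current = None
        elif current and line.lower().split() == ["shared", "yes"]:
            shared.append(current)
    return shared

def meets_precondition(cupsd_conf, printers_conf):
    """True when the host both listens on the network and shares a queue."""
    return bool(network_listeners(cupsd_conf)) and bool(shared_queues(printers_conf))
```

On a real host the inputs would be the contents of the local cupsd.conf and printers.conf; a `True` result means the host matches both preconditions and should be reviewed.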