Vulnerability Details : CVE-2015-8560
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
Products affected by CVE-2015-8560
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.73:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.74:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.71:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.72:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.75:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.76:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:cups-filters:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8560
4.81%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8560
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
7.3
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
NIST |
References for CVE-2015-8560
-
http://www.ubuntu.com/usn/USN-2838-2
USN-2838-2: foomatic-filters vulnerability | Ubuntu security notices
-
http://www.openwall.com/lists/oss-security/2015/12/14/13
oss-security - Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character
-
http://www.debian.org/security/2015/dsa-3429
Debian -- Security Information -- DSA-3429-1 foomatic-filters
-
http://rhn.redhat.com/errata/RHSA-2016-0491.html
RHSA-2016:0491 - Security Advisory - Red Hat Customer Portal
-
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
/openprinting/cups-filters : revision 7419
-
http://www.openwall.com/lists/oss-security/2015/12/13/2
oss-security - CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character
-
http://www.ubuntu.com/usn/USN-2838-1
USN-2838-1: cups-filters vulnerability | Ubuntu security notices
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Oracle Linux Bulletin - April 2016
-
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS
/openprinting/cups-filters : contents of NEWS at revision 7733Vendor Advisory
-
http://www.debian.org/security/2015/dsa-3419
Debian -- Security Information -- DSA-3419-1 cups-filters
Jump to