Description
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
Product(s):
- Easy Software Products CUPS 1.0.4
- Easy Software Products CUPS 1.0.4_8
- Easy Software Products CUPS 1.1.10
- Easy Software Products CUPS 1.1.12
- Easy Software Products CUPS 1.1.13
- Easy Software Products CUPS 1.1.14
- Easy Software Products CUPS 1.1.15
- Easy Software Products CUPS 1.1.16
- Easy Software Products CUPS 1.1.17
- Easy Software Products CUPS 1.1.18
- Easy Software Products CUPS 1.1.19
- Easy Software Products CUPS 1.1.19 RC5
- Easy Software Products CUPS 1.1.1
- Easy Software Products CUPS 1.1.20
- Easy Software Products CUPS 1.1.21
- Easy Software Products CUPS 1.1.4
- Easy Software Products CUPS 1.1.4_2
- Easy Software Products CUPS 1.1.4_3
- Easy Software Products CUPS 1.1.4_5
- Easy Software Products CUPS 1.1.6
- Easy Software Products CUPS 1.1.7
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.7
- Apple Mac OS X 10.2.8
- Apple Mac OS X 10.2
- Apple Mac OS X 10.3.1
- Apple Mac OS X 10.3.2
- Apple Mac OS X 10.3.3
- Apple Mac OS X 10.3.4
- Apple Mac OS X 10.3.5
- Apple Mac OS X 10.3
- Apple Mac OS X Server 10.2.1
- Apple Mac OS X Server 10.2.2
- Apple Mac OS X Server 10.2.3
- Apple Mac OS X Server 10.2.4
- Apple Mac OS X Server 10.2.5
- Apple Mac OS X Server 10.2.6
- Apple Mac OS X Server 10.2.7
- Apple Mac OS X Server 10.2.8
- Apple Mac OS X Server 10.2
- Apple Mac OS X Server 10.3.1
- Apple Mac OS X Server 10.3.2
- Apple Mac OS X Server 10.3.3
- Apple Mac OS X Server 10.3.4
- Apple Mac OS X Server 10.3.5
- Apple Mac OS X Server 10.3
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0923, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0923 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.