CVE-2004-0923

EPSS 0.10%

cupsys - unsanitised input

Published: 1/27/2005Modified: 4/28/2026

Also known as:DEBIAN-CVE-2004-0923

Description

CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.

Affected packages (2)

Debian/cupsfrom 0, < 1.1.20final+rc1-9
Debian/cupsysfrom 0, < 1.1.14-5woody7

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-0923