CVE-2004-1270

Name: CVE-2004-1270
Creator: NVD / NIST
Published: 2005-01-10T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.45%

Last modified Jun 16, 2026

CVE-2004-1270 is a vulnerability of currently unknown severity. lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.. EPSS estimates a 0.45% chance of exploitation in the next 30 days.

Description

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

Metrics

EPSS Probability

0.45%

36.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Easy Software Products	Cups	1.0.4
Easy Software Products	Cups	1.0.4_8
Easy Software Products	Cups	1.1.1
Easy Software Products	Cups	1.1.4
Easy Software Products	Cups	1.1.4_2
Easy Software Products	Cups	1.1.4_3
Easy Software Products	Cups	1.1.4_5
Easy Software Products	Cups	1.1.6
Easy Software Products	Cups	1.1.7
Easy Software Products	Cups	1.1.10
Easy Software Products	Cups	1.1.12
Easy Software Products	Cups	1.1.13
Easy Software Products	Cups	1.1.14
Easy Software Products	Cups	1.1.15
Easy Software Products	Cups	1.1.16
Easy Software Products	Cups	1.1.17
Easy Software Products	Cups	1.1.18
Easy Software Products	Cups	1.1.19
Easy Software Products	Cups	1.1.19_rc5
Easy Software Products	Cups	1.1.20
Easy Software Products	Cups	1.1.21
Easy Software Products	Cups	1.1.22_rc1
Redhat	Fedora Core	core_2.0
Redhat	Fedora Core	core_3.0

References

Timeline

Published: Jan 10, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-1270?

How severe is CVE-2004-1270?

Severity scoring for CVE-2004-1270 is pending analysis. The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.

How do I fix CVE-2004-1270?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-1270?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST