CVE

Id
4164  
CVE No.
CVE-2001-1360  
Status
Candidate  
Description
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.  
Phase
Proposed (20020611)  
Votes
ACCEPT(3) Alderson, Cole, Green | MODIFY(2) Cox, Frech | NOOP(2) Foat, Wall  
Comments
CHANGE> [Cox changed vote from REVIEWING to MODIFY] | Cox> I"m not sure how to vote on this, I did the research and read | the changlog and it appears that the issue you mention here has not | been fixed at all; merely documented as of sane version 1.0.5 | | Change description based on the information in the Sane tarball; note that | this affects all versions to date and is not fixed. | | ---cut--- | | - Security problems with pnm | If the pnm backend is installed and saned is used to allow users on | remote computers to scan on the local machine, pnm files can be read by | the remote user. This is limited to the files saned can access (usually | it"s running as user "sane"). All pnm files can be read if saned runs | as root which isn"t recommended anyway. The pnm backend is disabled | by default. If you want to use it, enable it with configure (see | configure --help for details). Be sure that only trusted users can | access the pnm backend over saned. | | ---cut--- | Frech> XF:sane-prm-read-files(9853)  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
19529 4164 CVE-2001-1360 CONFIRM:ftp://ftp.mostang.com/pub/sane/sane-1.0.8/sane-backends-1.0.8.tar.gz  View
19530 4164 CVE-2001-1360 VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)  View

Related JVN