CVE-2012-5519

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*

History

13 Feb 2023, 00:26

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2012-5519', 'name': 'https://access.redhat.com/security/cve/CVE-2012-5519', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=875898', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=875898', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0580', 'name': 'https://access.redhat.com/errata/RHSA-2013:0580', 'tags': [], 'refsource': 'MISC'}
Summary CVE-2012-5519 cups: privilege escalation for users of the CUPS SystemGroup group CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

02 Feb 2023, 18:16

Type Values Removed Values Added
Summary CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. CVE-2012-5519 cups: privilege escalation for users of the CUPS SystemGroup group
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2012-5519 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=875898 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0580 -

Information

Published : 2012-11-20 00:55

Updated : 2023-12-10 11:16


NVD link : CVE-2012-5519

Mitre link : CVE-2012-5519

CVE.ORG link : CVE-2012-5519


JSON object : View

Products Affected

apple

  • cups

debian

  • debian_linux
CWE
CWE-264

Permissions, Privileges, and Access Controls