The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Feb 2023, 00:40
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. |
02 Feb 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
Summary | It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. | |
References |
|
Information
Published : 2014-07-23 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3537
Mitre link : CVE-2014-3537
CVE.ORG link : CVE-2014-3537
JSON object : View
Products Affected
apple
- cups
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')