lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
tigger.uic.edu/~jlongs2/holes/cups2.txt
www.gentoo.org/security/en/glsa/glsa-200412-25.xml
www.mandriva.com/security/advisories?name=MDKSA-2005:008
www.redhat.com/support/errata/RHSA-2005-013.html
www.redhat.com/support/errata/RHSA-2005-053.html
exchange.xforce.ibmcloud.com/vulnerabilities/18606
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398
usn.ubuntu.com/50-1/