CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
77.0%
Debian Security Advisory DLA-0022-1
https://wiki.debian.org/LTS
Package : cups
Version : 1.4.4-7+squeeze6
CVE ID : CVE-2014-3537
CVE-2014-5029
CVE-2014-5030
CVE-2014-5031
It was discovered that the web interface in CUPS, the Common UNIX
Printing System, incorrectly validated permissions on rss files and
directory index files. A local attacker could possibly use this issue
to bypass file permissions and read arbitrary files, possibly leading
to a privilege escalation.Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | s390 | libcups2-dev | < 1.5.3-5+deb7u4 | libcups2-dev_1.5.3-5+deb7u4_s390.deb |
Debian | 7 | s390 | cups-bsd | < 1.5.3-5+deb7u4 | cups-bsd_1.5.3-5+deb7u4_s390.deb |
Debian | 7 | armel | libcupsdriver1 | < 1.5.3-5+deb7u4 | libcupsdriver1_1.5.3-5+deb7u4_armel.deb |
Debian | 7 | i386 | libcupsppdc1-dev | < 1.5.3-5+deb7u4 | libcupsppdc1-dev_1.5.3-5+deb7u4_i386.deb |
Debian | 7 | mips | libcupsmime1-dev | < 1.5.3-5+deb7u4 | libcupsmime1-dev_1.5.3-5+deb7u4_mips.deb |
Debian | 7 | s390 | libcupsmime1 | < 1.5.3-5+deb7u4 | libcupsmime1_1.5.3-5+deb7u4_s390.deb |
Debian | 7 | s390x | libcups2 | < 1.5.3-5+deb7u4 | libcups2_1.5.3-5+deb7u4_s390x.deb |
Debian | 7 | amd64 | libcupsmime1-dev | < 1.5.3-5+deb7u4 | libcupsmime1-dev_1.5.3-5+deb7u4_amd64.deb |
Debian | 7 | mips | cups-ppdc | < 1.5.3-5+deb7u4 | cups-ppdc_1.5.3-5+deb7u4_mips.deb |
Debian | 7 | ia64 | cups-dbg | < 1.5.3-5+deb7u4 | cups-dbg_1.5.3-5+deb7u4_ia64.deb |