Lucene search

K
debianDebianDEBIAN:DLA-0022-1:A7A04
HistoryJul 31, 2014 - 7:47 a.m.

[DLA-0022-1] cups security update

2014-07-3107:47:54
lists.debian.org
22

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

8.5

Confidence

High

EPSS

0.005

Percentile

77.0%

Debian Security Advisory DLA-0022-1
https://wiki.debian.org/LTS


Package : cups
Version : 1.4.4-7+squeeze6
CVE ID : CVE-2014-3537
CVE-2014-5029
CVE-2014-5030
CVE-2014-5031

It was discovered that the web interface in CUPS, the Common UNIX
Printing System, incorrectly validated permissions on rss files and
directory index files. A local attacker could possibly use this issue
to bypass file permissions and read arbitrary files, possibly leading
to a privilege escalation.Attachment:
signature.asc
Description: This is a digitally signed message part.

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

8.5

Confidence

High

EPSS

0.005

Percentile

77.0%