CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
77.0%
In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain ‘@SYSTEM’ group privilege with cupsd (CVE-2014-3537). It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation (CVE-2014-5029, CVE-2014-5030, CVE-2014-5031).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | cups | < 1.5.4-9.4 | cups-1.5.4-9.4.mga3 |
Mageia | 4 | noarch | cups | < 1.7.0-7.3 | cups-1.7.0-7.3.mga4 |