Lucene search

[email protected]NVD:CVE-2010-2431

HistoryJun 22, 2010 - 8:30 p.m.

CVE-2010-2431

2010-06-2220:30:01

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

2.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:N/I:P/A:P

AI Score

8.2

Confidence

High

EPSS

Percentile

5.1%

JSON

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.

Affected configurations

Nvd

Node

applecupsRange≤1.4.3

applecupsMatch1.1

applecupsMatch1.1.1

applecupsMatch1.1.2

applecupsMatch1.1.3

applecupsMatch1.1.4

applecupsMatch1.1.5

applecupsMatch1.1.5-1

applecupsMatch1.1.5-2

applecupsMatch1.1.6

applecupsMatch1.1.6-1

applecupsMatch1.1.6-2

applecupsMatch1.1.6-3

applecupsMatch1.1.7

applecupsMatch1.1.8

applecupsMatch1.1.9

applecupsMatch1.1.9-1

applecupsMatch1.1.10

applecupsMatch1.1.10-1

applecupsMatch1.1.11

applecupsMatch1.1.12

applecupsMatch1.1.13

applecupsMatch1.1.14

applecupsMatch1.1.15

applecupsMatch1.1.16

applecupsMatch1.1.17

applecupsMatch1.1.18

applecupsMatch1.1.19

applecupsMatch1.1.19rc1

applecupsMatch1.1.19rc2

applecupsMatch1.1.19rc3

applecupsMatch1.1.19rc4

applecupsMatch1.1.19rc5

applecupsMatch1.1.20

applecupsMatch1.1.20rc1

applecupsMatch1.1.20rc2

applecupsMatch1.1.20rc3

applecupsMatch1.1.20rc4

applecupsMatch1.1.20rc5

applecupsMatch1.1.20rc6

applecupsMatch1.1.21

applecupsMatch1.1.21rc1

applecupsMatch1.1.21rc2

applecupsMatch1.1.22

applecupsMatch1.1.22rc1

applecupsMatch1.1.22rc2

applecupsMatch1.1.23

applecupsMatch1.1.23rc1

applecupsMatch1.2b1

applecupsMatch1.2b2

applecupsMatch1.2rc1

applecupsMatch1.2rc2

applecupsMatch1.2rc3

applecupsMatch1.2.0

applecupsMatch1.2.1

applecupsMatch1.2.2

applecupsMatch1.2.3

applecupsMatch1.2.4

applecupsMatch1.2.5

applecupsMatch1.2.6

applecupsMatch1.2.7

applecupsMatch1.2.8

applecupsMatch1.2.9

applecupsMatch1.2.10

applecupsMatch1.2.11

applecupsMatch1.2.12

applecupsMatch1.3b1

applecupsMatch1.3rc1

applecupsMatch1.3rc2

applecupsMatch1.3.0

applecupsMatch1.3.1

applecupsMatch1.3.2

applecupsMatch1.3.3

applecupsMatch1.3.4

applecupsMatch1.3.5

applecupsMatch1.3.6

applecupsMatch1.3.7

applecupsMatch1.3.8

applecupsMatch1.3.9

applecupsMatch1.3.10

applecupsMatch1.3.11

applecupsMatch1.4.0

applecupsMatch1.4.1

applecupsMatch1.4.2

References

cups.org/articles.php?L596

cups.org/str.php?L3510

rhn.redhat.com/errata/RHSA-2010-0811.html

secunia.com/advisories/43521

security.gentoo.org/glsa/glsa-201207-10.xml

www.debian.org/security/2011/dsa-2176

www.mandriva.com/security/advisories?name=MDVSA-2010:232

www.mandriva.com/security/advisories?name=MDVSA-2010:234

www.vupen.com/english/advisories/2010/2856

www.vupen.com/english/advisories/2011/0535

bugzilla.redhat.com/show_bug.cgi?id=605397

CVSS2

2.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:N/I:P/A:P

AI Score

8.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2010-2431

debiancve1 ubuntucve1 cvelist1 veracode1 prion1 cve1 nessus11 redhat1 openvas10 oraclelinux1 centos1 debian1 osv1 gentoo1