CUPS vulnerability

2014-07-2100:00:00

ubuntu.com

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

26.5%

JSON

Releases

Ubuntu 14.04 ESM
Ubuntu 12.04
Ubuntu 10.04

Packages

cups - Common UNIX Printing System™

Details

Francisco Alonso discovered that the CUPS web interface incorrectly
validated permissions on rss files. A local attacker could possibly use
this issue to bypass file permissions and read arbitrary files, possibly
leading to a privilege escalation.

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchcups< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchcups-bsd< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchcups-client< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchcups-core-drivers< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchcups-daemon< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchcups-dbg< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchcups-ppdc< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchlibcups2< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchlibcups2-dev< 1.7.2-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchlibcupscgi1< 1.7.2-0ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	cups	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	cups-bsd	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	cups-client	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	cups-core-drivers	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	cups-daemon	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	cups-dbg	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	cups-ppdc	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	libcups2	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	libcups2-dev	< 1.7.2-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	libcupscgi1	< 1.7.2-0ubuntu1.1	UNKNOWN