CUPS vulnerabilities

2014-09-0800:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.7

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

Releases

Ubuntu 14.04 ESM
Ubuntu 12.04
Ubuntu 10.04

Packages

cups - Common UNIX Printing System™

Details

Salvatore Bonaccorso discovered that the CUPS web interface incorrectly
validated permissions and incorrectly handled symlinks. An attacker could
possibly use this issue to bypass file permissions and read arbitrary
files, possibly leading to a privilege escalation.

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchcups< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchcups-bsd< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchcups-client< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchcups-core-drivers< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchcups-daemon< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchcups-dbg< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchcups-ppdc< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchlibcups2< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchlibcups2-dev< 1.7.2-0ubuntu1.2UNKNOWN
Ubuntu14.04noarchlibcupscgi1< 1.7.2-0ubuntu1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	cups	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	cups-bsd	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	cups-client	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	cups-core-drivers	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	cups-daemon	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	cups-dbg	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	cups-ppdc	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	libcups2	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	libcups2-dev	< 1.7.2-0ubuntu1.2	UNKNOWN
Ubuntu	14.04	noarch	libcupscgi1	< 1.7.2-0ubuntu1.2	UNKNOWN