Описание
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
A flaw was found in the way the cupsGetFile() and cupsPutFile() functions of cups-pk-helper checked user IDs. If a local attacker performed a symbolic link attack, and was able to trick a CUPS administrator into approving the file transmission, the attacker could possibly use this flaw to access or modify certain system files, potentially leading to privilege escalation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | cups-pk-helper | Will not fix | ||
| Red Hat Enterprise Linux 7 | cups-pk-helper | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.6 Medium
CVSS2
Связанные уязвимости
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile ...
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации
EPSS
5.6 Medium
CVSS2