Описание
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
Отчет
Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 5 and 6 as they did not ship with an suid-root lppasswd binary.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | cups | Not affected | ||
| Red Hat Enterprise Linux 6 | cups | Not affected | ||
| Red Hat Enterprise Linux 7 | cups | Not affected |
Показывать по
Дополнительная информация
Статус:
1.2 Low
CVSS2
Связанные уязвимости
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
lppasswd in CUPS before 1.7.1, when running with setuid privileges, al ...
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
1.2 Low
CVSS2