Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-5029

Опубликовано: 22 июл. 2014
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system.

Отчет

This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5cupsWill not fix
Red Hat Enterprise Linux 6cupsFixedRHSA-2014:138813.10.2014
Red Hat Enterprise Linux 7cupsFixedRHBA-2015:038605.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1122600cups: Incomplete fix for CVE-2014-3537

EPSS

Процентиль: 15%
0.00049
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-5029

ubuntu
около 11 лет назад

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

nvd логотип

CVE-2014-5029

nvd
около 11 лет назад

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

debian логотип

CVE-2014-5029

debian
около 11 лет назад

The web interface in CUPS 1.7.4 allows local users in the lp group to ...

github логотип

GHSA-jxpq-c7wx-p6h2

github
больше 3 лет назад

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

fstec логотип

BDU:2015-01463

fstec
около 11 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

EPSS

Процентиль: 15%
0.00049
Низкий

5 Medium

CVSS2