CVE-2014-3537CVE-2014-3537

Affected configuration(s):

cpe:/a:apple:cups:1.7:rc1
cpe:/a:apple:cups:1.7.0
cpe:/a:apple:cups:1.7.1
cpe:/a:apple:cups:1.7.1:b1
cpe:/a:apple:cups:1.7.2
cpe:/a:apple:cups:1.7.3
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:fedoraproject:fedora:20

Date published: 2014-07-23T10:55:05.883-04:00

Date last modified: 2017-01-06T22:00:05.660-05:00

CVSS Score: 1.2

Principal attack vector: LOCAL

Complexity:  HIGH

Reference URL: http://advisories.mageia.org/MGASA-2014-0313.html

Summary: The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.