Main Vulnerability Database SB2014040705

SB2014040705 - Gentoo update for CUPS

Published: April 7, 2014 Updated: June 15, 2023

Security Bulletin ID SB2014040705

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-5519)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/
https://security.gentoo.org/glsa/201404-01