CVE-2014-5030 – cups: allows local users to read arbitrary files via a symlink attack
https://notcve.org/view.php?id=CVE-2014-5030
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. These are the directory-index file names the CUPS web interface tries when a directory is requested, so a symlink carrying one of those names inside a cache directory the lp group can write to is served in place of a real page.
Distribution advisory text attached to this entry (the same text is attached to the other CUPS entries on this page): it was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system.
• http://advisories.mageia.org/MGASA-2014-0313.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/60509 http://secunia.com/advisories/60787 http://www.debian.org/security/2014/dsa-2990 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/07/22/13 http://www.openwall.com/lists/oss-security/2014/07/22/2 http://www.ubuntu.com/usn/USN-2341-1 https://cups.org/str.php
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2014-5031 – cups: web interface does not check that served files are world-readable
https://notcve.org/view.php?id=CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. Unlike the three symlink entries on this page, this one is the missing permission check: even with symlinks refused, a file that the cupsd process can read but that is not world-readable (no S_IROTH bit) must not be handed to an unauthenticated web client, and before 2.0 the web interface did not verify that bit.
Distribution advisory text attached to this entry (shared with the other CUPS entries on this page): it was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system.
• http://advisories.mageia.org/MGASA-2014-0313.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/60509 http://secunia.com/advisories/60787 http://www.debian.org/security/2014/dsa-2990 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/07/22/13 http://www.openwall.com/lists/oss-security/2014/07/22/2 http://www.ubuntu.com/usn/USN-2341-1 https://cups.org/str.php
• CWE-59: Improper Link Resolution Before File Access ('Link Following'); CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-5029 – cups: Incomplete fix for CVE-2014-3537
https://notcve.org/view.php?id=CVE-2014-5029
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ when language[0] is null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537: the request path taken when no language is set is the one the 1.7.4 check did not cover, so the same symlink attack still worked there.
Distribution advisory text attached to this entry (shared with the other CUPS entries on this page): it was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/.
• http://advisories.mageia.org/MGASA-2014-0313.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/60509 http://secunia.com/advisories/60787 http://www.debian.org/security/2014/dsa-2990 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/07/22/13 http://www.openwall.com/lists/oss-security/2014/07/22/2 http://www.ubuntu.com/usn/USN-2341-1 https://cups.org/str.php
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2014-3537 – cups: insufficient checking leads to privilege escalation
https://notcve.org/view.php?id=CVE-2014-3537
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. The rss directory is writable by the lp group, and the web interface served whatever the name resolved to, without checking whether it was a symlink or whether the target was world-readable.
Distribution advisory text attached to this entry (shared with the other CUPS entries on this page): it was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system.
• http://advisories.mageia.org/MGASA-2014-0313.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/59945 http://secunia.com/advisories/60273 http://secunia.com/advisories/60787 http://www.cups.org/blog.php?L724 http://www.cups.org/str.php?L4450 http://www.mandriva.com/security/advisories?name=MDVSA-2015
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
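The four CUPS entries above (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031) come down to two checks a file-serving daemon must make before it returns a file from a directory that a less-privileged group can write into: refuse symlinks, and serve only regular files that are world-readable. The following C program is an added example written for this page, not CUPS source code. The directory it creates under /tmp and the file names in it are constructed test data standing in for /var/cache/cups/; the function names are the example's own.

```c
/* Added example, not CUPS code: the checks a daemon's web interface should
 * apply before serving a file from a cache or spool directory that a
 * less-privileged group (lp, in the CUPS entries above) can write into.
 * Covers both conditions from those entries: refuse symlinks (CWE-59) and
 * serve only world-readable regular files (CVE-2014-5031). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum serve_result {
    SERVE_OK = 0,
    SERVE_NOT_FOUND,          /* open() failed for a reason other than a symlink */
    SERVE_SYMLINK,            /* final component is a symlink: O_NOFOLLOW yields ELOOP */
    SERVE_NOT_REGULAR,        /* directory, FIFO, device ... */
    SERVE_NOT_WORLD_READABLE  /* no S_IROTH bit: the daemon may read it, web clients must not */
};

/* Open `path` for serving: returns a descriptor (>= 0) with *why = SERVE_OK,
 * or -1 with *why set to the reason the file was refused.
 * Open first, then fstat() the descriptor actually obtained; an
 * lstat()-then-open() sequence leaves a window in which the attacker swaps a
 * regular file for a symlink. O_NOFOLLOW only covers the last path
 * component, so the directories leading to the cache must themselves be
 * root-owned and not group-writable. O_NONBLOCK keeps an open() on a
 * planted FIFO from hanging the server. */
int open_for_serving(const char *path, enum serve_result *why)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) {
        *why = (errno == ELOOP) ? SERVE_SYMLINK : SERVE_NOT_FOUND;
        return -1;
    }
    struct stat st;
    enum serve_result r = SERVE_OK;
    if (fstat(fd, &st) < 0)            r = SERVE_NOT_FOUND;
    else if (!S_ISREG(st.st_mode))     r = SERVE_NOT_REGULAR;
    else if (!(st.st_mode & S_IROTH))  r = SERVE_NOT_WORLD_READABLE;
    *why = r;
    if (r != SERVE_OK) { close(fd); return -1; }
    return fd;
}

/* Verdict only; closes the descriptor if the file was accepted. */
static enum serve_result verdict(const char *path)
{
    enum serve_result why;
    int fd = open_for_serving(path, &why);
    if (fd >= 0) close(fd);
    return why;
}

/* Create a file with an exact mode (fchmod so the umask cannot widen or
 * narrow it) and a short body. */
static int create_file(const char *path, mode_t mode, const char *body)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (fd < 0) return -1;
    size_t len = strlen(body);
    int ok = write(fd, body, len) == (ssize_t)len && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}

/* Builds a throwaway cache directory under /tmp (constructed test data)
 * holding what an lp-group user could plant, records the verdict for each
 * entry in out[0..3], and cleans up. Returns 0, or -1 if setup failed. */
int run_demo(enum serve_result out[4])
{
    char dir[64], page[128], secret[128], link[128], sub[128];
    snprintf(dir, sizeof dir, "/tmp/serve-demo.%ld", (long)getpid());
    snprintf(page, sizeof page, "%s/index.html", dir);  /* legitimate page, 0644 */
    snprintf(secret, sizeof secret, "%s/secret", dir);  /* daemon-private file, 0600 */
    snprintf(link, sizeof link, "%s/index.php", dir);   /* the attack: index name -> secret */
    snprintf(sub, sizeof sub, "%s/rss", dir);           /* a directory, not a file */

    if (mkdir(dir, 0700) < 0 ||
        create_file(page, 0644, "<html></html>\n") < 0 ||
        create_file(secret, 0600, "hunter2\n") < 0 ||
        symlink(secret, link) < 0 ||
        mkdir(sub, 0755) < 0)
        return -1;

    out[0] = verdict(page);
    out[1] = verdict(secret);
    out[2] = verdict(link);
    out[3] = verdict(sub);

    unlink(link); unlink(secret); unlink(page); rmdir(sub); rmdir(dir);
    return 0;
}

/* The four verdicts packed into one int, 4 bits each, out[0] in the low
 * nibble; -1 if the scratch setup failed. */
int demo_code(void)
{
    enum serve_result r[4];
    if (run_demo(r) < 0) return -1;
    return r[0] | (r[1] << 4) | (r[2] << 8) | (r[3] << 12);
}

int main(void)
{
    static const char *names[] = { "ok", "not found", "symlink",
                                   "not a regular file", "not world-readable" };
    static const char *what[] = { "index.html (0644)", "secret (0600)",
                                  "index.php -> secret", "rss/" };
    enum serve_result r[4];
    if (run_demo(r) < 0) { perror("setup"); return 1; }
    for (int i = 0; i < 4; i++)
        printf("%-22s %s\n", what[i], names[r[i]]);
    return 0;
}
```

Two details carry the security value here: the decision is made on the descriptor that was actually opened (fstat after open with O_NOFOLLOW), not on an lstat of the path, so there is no race to win; and O_NOFOLLOW says nothing about symlinks in earlier path components, which is why the ownership and mode of the cache directory itself matter as much as the per-file check.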
CVE-2014-4699 – Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
Distribution advisory text attached to this entry: it was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: the CVE-2014-4699 issue only affected systems using an Intel CPU.
Why the return path matters: on Intel CPUs, SYSRET raises #GP when RCX (the return RIP) is non-canonical, and it does so while still in ring 0 but after the kernel has already loaded the user-controlled RSP, so the fault is taken on a stack the attacker chose. IRET with the same RIP faults in a way the kernel can fix up and turn into a SIGSEGV for the task. The linked fix commit (b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a, "ptrace,x86: force IRET path after a ptrace_stop()") therefore makes a task return through the IRET path after any ptrace stop, since the tracer may have written an arbitrary RIP with PTRACE_SETREGS.
• https://www.exploit-db.com/exploits/34134 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a http://linux.oracle.com/errata/ELSA-2014-0924.html http://linux.oracle.com/errata/ELSA-2014-3047.html http://linux.oracle.com/errata/ELSA-2014-3048.html http://openwall.com/lists/oss-security/2014/07/05/4 http://openwall.com/lists/oss-security/2014/07/08/16 http://openwall.com/lists/oss-security/2014/07/08
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'); CWE-642: External Control of Critical State Data
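The entry above turns on what a non-canonical RIP is and why SYSRET, rather than IRET, is the dangerous return path. The following C program is an added example written for this page, not Linux kernel code: it implements the canonical-address test two ways (a plain range compare and the sign-extension idiom the x86-64 kernel entry code uses) and a deliberately simplified model of the SYSRET-or-IRET decision, in which the `force_slow_path` argument stands in for the thread flag the fix sets after a ptrace stop. The `VA_BITS` constant and all function names are the example's own. It issues no ptrace calls; it is the check, not a trigger.

```c
/* Added example (not Linux kernel code): what "non-canonical RIP" means on
 * x86-64 and the check a kernel must make before it may return to user
 * space with SYSRET instead of IRET. Pure functions; runs on any host. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* With 4-level paging a linear address has 48 meaningful bits; bits 63..47
 * must all equal bit 47 ("sign-extended"). Anything else is non-canonical
 * and faults on use. */
#define VA_BITS 48

/* Plain range check: canonical means the top 17 bits are all 0 or all 1,
 * i.e. 0..0x00007fffffffffff or 0xffff800000000000..0xffffffffffffffff. */
bool is_canonical_range(uint64_t addr)
{
    uint64_t top = addr >> (VA_BITS - 1);                  /* bits 63..47 */
    uint64_t all_ones = (UINT64_C(1) << (64 - VA_BITS + 1)) - 1;
    return top == 0 || top == all_ones;
}

/* The sign-extension idiom the kernel entry code uses instead of a range
 * compare: shift left by 16, arithmetic-shift back, and test whether the
 * value survived unchanged (relies on arithmetic >> for int64_t, which gcc
 * and clang provide). */
bool is_canonical_sext(uint64_t addr)
{
    int64_t s = (int64_t)(addr << (64 - VA_BITS));
    return (uint64_t)(s >> (64 - VA_BITS)) == addr;
}

enum ret_path { RET_SYSRET, RET_IRET };

/* Simplified model of the return-to-user decision. SYSRET is the fast path,
 * but on Intel CPUs a SYSRET whose RCX (the return RIP) is non-canonical
 * raises #GP in ring 0 after the user RSP is already loaded, so it must
 * never be used for such a RIP; IRET faults in a way the kernel can fix up
 * into a SIGSEGV. `force_slow_path` models the thread flag the
 * CVE-2014-4699 fix sets after a ptrace stop, because the tracer may have
 * written any RIP with PTRACE_SETREGS. Real kernels check more (RFLAGS,
 * segment registers, pending signal work) before taking SYSRET. */
enum ret_path choose_return_path(uint64_t saved_rip, bool force_slow_path)
{
    if (force_slow_path)
        return RET_IRET;
    if (!is_canonical_sext(saved_rip))
        return RET_IRET;
    return RET_SYSRET;
}

/* Boundary cases on which both implementations must agree. */
bool self_check(void)
{
    static const uint64_t cases[] = {
        0x0000000000000000ULL, 0x0000000000401000ULL, 0x00007fffffffffffULL,
        0x0000800000000000ULL, 0x7fffffffffffffffULL, 0x8000000000000000ULL,
        0xffff7fffffffffffULL, 0xffff800000000000ULL, 0xffffffffffffffffULL,
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (is_canonical_range(cases[i]) != is_canonical_sext(cases[i]))
            return false;
    return true;
}

int main(void)
{
    /* A RIP a tracer could plant: looks like a user address but has bit 47 set. */
    uint64_t planted = 0x0000800000000000ULL;
    printf("range and sign-extension checks agree: %s\n", self_check() ? "yes" : "no");
    printf("0x%016llx canonical=%d return via %s\n", (unsigned long long)planted,
           is_canonical_range(planted),
           choose_return_path(planted, false) == RET_IRET ? "IRET" : "SYSRET");
    printf("after a ptrace stop, 0x401000 returns via %s\n",
           choose_return_path(0x401000ULL, true) == RET_IRET ? "IRET" : "SYSRET");
    return 0;
}
```

The first non-canonical value above the user range, 0x0000800000000000, is the kind of RIP that passes a naive "is it a user address" test (it is below the kernel half) and is exactly what the sign-extension check is there to catch.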