CVE-2014-5029 – cups: Incomplete fix for CVE-2014-3537
https://notcve.org/view.php?id=CVE-2014-5029
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. La interfaz web en CUPS 1.7.4 permite a usuarios locales en el grupo lp leer ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /var/cache/cups/rss/ y language[0] configurado a nulo. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-3537. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. • http://advisories.mageia.org/MGASA-2014-0313.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/60509 http://secunia.com/advisories/60787 http://www.debian.org/security/2014/dsa-2990 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/07/22/13 http://www.openwall.com/lists/oss-security/2014/07/22/2 http://www.ubuntu.com/usn/USN-2341-1 https://cups.org/str.php • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2014-3537 – cups: insufficient checking leads to privilege escalation
https://notcve.org/view.php?id=CVE-2014-3537
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. La interfaz web en CUPS anterior a 1.7.4 permite a usuarios locales en el grupo lp leer ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /var/cache/cups/rss/. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. • http://advisories.mageia.org/MGASA-2014-0313.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/59945 http://secunia.com/advisories/60273 http://secunia.com/advisories/60787 http://www.cups.org/blog.php?L724 http://www.cups.org/str.php?L4450 http://www.mandriva.com/security/advisories?name=MDVSA-2015 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2014-2856 – cups: cross-site scripting flaw fixed in the 1.7.2 release
https://notcve.org/view.php?id=CVE-2014-2856
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. Vulnerabilidad de XSS en scheduler/client.c en Common Unix Printing System (CUPS) anterior a 1.7.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de la ruta de URL, relacionado con la función is_path_absolute. A cross-site scripting (XSS) flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. • http://advisories.mageia.org/MGASA-2014-0193.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/57880 http://www.cups.org/documentation.php/relnotes.html http://www.cups.org/str.php?L4356 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/04/14/2 http://www.openwall.com/lists/oss-security/2014/04/15/3 http://www.securityfocus.com/bid/66788 http://www.ubuntu.com/u • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6891
https://notcve.org/view.php?id=CVE-2013-6891
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. lppasswd en CUPS anteriores a 1.7.1, cuando se ejecuta con privilegios setuid, permite a usuarios locales leer porciones de archivos arbitrarios a través de una variable de entorno HOME modificada y un ataque symlink que involucra .cups/client.conf • http://advisories.mageia.org/MGASA-2014-0021.html http://secunia.com/advisories/56531 http://www.cups.org/blog.php?L704 http://www.cups.org/str.php?L4319 http://www.mandriva.com/security/advisories?name=MDVSA-2014:015 http://www.ubuntu.com/usn/USN-2082-1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2012-6094
https://notcve.org/view.php?id=CVE-2012-6094
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system La opción "Listen localhost:631" de cups (Common Unix Printing System) no acepto correctamente, que podría proporcionar acceso no autorizado al sistema. • http://www.openwall.com/lists/oss-security/2013/01/04/5 http://www.securityfocus.com/bid/57158 https://access.redhat.com/security/cve/cve-2012-6094 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6094 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6094 https://exchange.xforce.ibmcloud.com/vulnerabilities/82451 https://security-tracker.debian.org/tracker/CVE-2012-6094 • CWE-863: Incorrect Authorization •