CVE-2010-0393

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 5 March 2010

Summary

The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.

References

http://www.cups.org/str.php?L3482

x_refsource_MISC

http://www.ubuntu.com/usn/USN-906-1

vendor-advisoryx_refsource_UBUNTU

http://www.securityfocus.com/bid/38524

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 5, 2010
Vulnerability Reserved
Jan 27, 2010