Privilege Escalation Vulnerability in CUPS Products by Apple
CVE-2013-6476

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Debian Linux; Fedora
Vendor: CVE Published:; 14 March 2014

Summary

The OPVPWrapper::loadDriver function in the pdftoopvp filter within CUPS and cups-filters prior to version 1.0.47 is susceptible to exploitation. Local users can place a malicious driver within the same directory as a PDF file, potentially leading to unprivileged privilege escalation. This flaw poses a significant security risk, allowing unauthorized access to system functions by manipulating the driver loading process.

References

http://www.ubuntu.com/usn/USN-2144-1

vendor-advisoryx_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=1027551

x_refsource_CONFIRM

http://www.debian.org/security/2014/dsa-2876

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Mar 14, 2014
Vulnerability Reserved
Nov 4, 2013