Symlink Vulnerability in CUPS Affects Multiple Vendors
CVE-2014-3537

Currently unrated

Key Information:

Vendor

Apple
Status
Cups
Vendor
CVE Published:
23 July 2014

What is CVE-2014-3537?

The web interface in versions of CUPS prior to 1.7.4 contains a vulnerability that allows local users in the lp group to exploit symlink attacks. This enables these users to read arbitrary files located within the /var/cache/cups/rss/ directory, potentially leading to unauthorized access to sensitive information. System administrators are advised to apply appropriate patches and restrict user permissions to mitigate any risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/60273
third-party-advisoryx_refsource_SECUNIA
http://www.cups.org/blog.php?L724
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.