Symlink Vulnerability in CUPS Affects Multiple Vendors
CVE-2014-3537

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 23 July 2014

Summary

The web interface in versions of CUPS prior to 1.7.4 contains a vulnerability that allows local users in the lp group to exploit symlink attacks. This enables these users to read arbitrary files located within the /var/cache/cups/rss/ directory, potentially leading to unauthorized access to sensitive information. System administrators are advised to apply appropriate patches and restrict user permissions to mitigate any risks associated with this vulnerability.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/60273

third-party-advisoryx_refsource_SECUNIA

http://www.cups.org/blog.php?L724

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 23, 2014
Vulnerability Reserved
May 14, 2014