CVE-2014-3537

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 23 July 2014

Summary

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/60273

third-party-advisoryx_refsource_SECUNIA

http://www.cups.org/blog.php?L724

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 23, 2014
Vulnerability Reserved
May 14, 2014