Local File Read Vulnerability in CUPS Affects Multiple Linux Distributions
CVE-2014-5029

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 29 July 2014

What is CVE-2014-5029?

The web interface in CUPS version 1.7.4 is susceptible to a local file read vulnerability. This issue enables users within the lp group to exploit a symlink attack. By modifying the language setting to null, they can read arbitrary files from the directory /var/cache/cups/rss/. This vulnerability primarily arose due to an incomplete fix for a previous vulnerability. The exploitation of this vulnerability can lead to unauthorized access to sensitive information stored within the system.

References

https://cups.org/str.php?L4455

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-2341-1

vendor-advisoryx_refsource_UBUNTU

http://www.openwall.com/lists/oss-security/2014/07/22/13

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2014
Vulnerability Reserved
Jul 22, 2014

Apple

What is CVE-2014-5029?

References

Timeline