CVE-2014-5029

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 29 July 2014

Summary

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

References

https://cups.org/str.php?L4455

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-2341-1

vendor-advisoryx_refsource_UBUNTU

http://www.openwall.com/lists/oss-security/2014/07/22/13

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jul 29, 2014
Vulnerability Reserved
Jul 22, 2014