Local File Read Vulnerability in CUPS Affects Multiple Linux Distributions
CVE-2014-5029

Currently unrated

Key Information:

Vendor

Apple
Status
Cups
Vendor
CVE Published:
29 July 2014

What is CVE-2014-5029?

The web interface in CUPS version 1.7.4 is susceptible to a local file read vulnerability. This issue enables users within the lp group to exploit a symlink attack. By modifying the language setting to null, they can read arbitrary files from the directory /var/cache/cups/rss/. This vulnerability primarily arose due to an incomplete fix for a previous vulnerability. The exploitation of this vulnerability can lead to unauthorized access to sensitive information stored within the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cups.org/str.php?L4455
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2341-1
vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2014/07/22/13
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.