PT-2010-4012 · Apple+1 · Cups+1

Vincent Danen

Publicado

2010-06-22

Atualizado

2013-05-15

CVE-2010-2431

CVSS v2.0

2.6

Baixa

Vetor

AV:L/AC:H/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 1.4.4

Description The issue allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the /var/cache/cups/remote.cache or /var/cache/cups/job.cache file. This is due to a flaw in the cupsFileOpen function.

Recommendations For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the cupsFileOpen function or the /var/cache/cups/ directory to minimize the risk of exploitation.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CVE-2010-2431

DSA-2176-1

RHSA-2010:0811

RHSA-2010_0811

Produtos afetados

Cups

Red Hat

PT-2010-4012 · Apple+1 · Cups+1

CVE-2010-2431

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25