PT-2014-1767 · Apple+5 · Cups+5

Publicado

2014-07-17

Atualizado

2024-06-15

CVE-2014-3537

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 1.7.4

Description The issue allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. Multiple vulnerabilities in the CUPS package of the Debian GNU/Linux operating system can lead to a breach of protected information, and exploitation can be carried out remotely.

Recommendations For versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/cache/cups/rss/ directory to minimize the risk of exploitation.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

ALT-PU-2014-2057

BDU:2015-01463

CESA-2014_1388

CVE-2014-3537

DLA-0022-1

DSA-2990-1

MGASA-2014-0313

OPENSUSE-SU-2024:10075-1

RHSA-2014:1388

RHSA-2014_1388

SUSE-SU-2014_1022-1

SUSE-SU-2015:0575-1

SUSE-SU-2015:1011-1

USN-2293-1

Produtos afetados

Alt Linux

Cups

Centos

Red Hat

Suse

Ubuntu

PT-2014-1767 · Apple+5 · Cups+5

CVE-2014-3537

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 77