PT-2014-1769 · Apple+5 · Cups+5

Salvatore Bonaccorso

Publicado

2014-07-23

Atualizado

2024-06-15

CVE-2014-5030

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 2.0

Description The issue allows local users to read arbitrary files via a symlink attack on various index files, including index.html, index.class, index.pl, index.php, index.pyc, or index.py. Additionally, multiple vulnerabilities in the CUPS package of the Debian GNU/Linux operating system can lead to a breach of protected information, and exploitation can be carried out remotely.

Recommendations For versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the index files to minimize the risk of exploitation.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

ALT-PU-2014-2057

BDU:2015-01463

CESA-2014_1388

CVE-2014-5030

DLA-0022-1

DSA-2990-1

MGASA-2014-0313

OPENSUSE-SU-2024:10075-1

RHSA-2014:1388

RHSA-2014_1388

SUSE-SU-2015:0575-1

SUSE-SU-2015:1011-1

USN-2341-1

Produtos afetados

Alt Linux

Cups

Centos

Red Hat

Suse

Ubuntu

PT-2014-1769 · Apple+5 · Cups+5

CVE-2014-5030

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 67