PT-2009-2744 · Apple · Cups

Published

2009-01-27

Updated

2017-08-08

CVE-2009-0032

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CUPS versions on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0, 4.0, and Multi Network Firewall (MNF) 2.0

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

Recommendations For CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0, 4.0, and Multi Network Firewall (MNF) 2.0, consider restricting access to the temporary file /tmp/pdf.log to prevent symlink attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2009-0032

Affected Products

Cups

PT-2009-2744 · Apple · Cups

CVE-2009-0032

Weakness Enumeration

Related Identifiers

Affected Products

References · 7