PT-2014-1767 · Apple+5 · Cups+5

Published

2014-07-17

Updated

2024-06-15

CVE-2014-3537

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 1.7.4

Description The issue allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. Multiple vulnerabilities in the CUPS package of the Debian GNU/Linux operating system can lead to a breach of protected information, and exploitation can be carried out remotely.

Recommendations For versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/cache/cups/rss/ directory to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALT-PU-2014-2057

BDU:2015-01463

CESA-2014_1388

CVE-2014-3537

DLA-0022-1

DSA-2990-1

MGASA-2014-0313

OPENSUSE-SU-2024:10075-1

RHSA-2014:1388

RHSA-2014_1388

SUSE-SU-2014_1022-1

SUSE-SU-2015:0575-1

SUSE-SU-2015:1011-1

USN-2293-1

Affected Products

Alt Linux

Cups

Centos

Red Hat

Suse

Ubuntu

PT-2014-1767 · Apple+5 · Cups+5

CVE-2014-3537

Weakness Enumeration

Related Identifiers

Affected Products

References · 77