Your submission was sent successfully! Close

CVE-2010-2431

Published: 22 June 2010

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.

Priority

Low

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

jaunty
Released (1.3.9-17ubuntu3.9)
karmic
Released (1.4.1-5ubuntu2.6)
lucid
Released (1.4.3-1ubuntu1.2)
maverick Not vulnerable
(1.4.4-1)
upstream
Released (1.4.4)
cupsys
Launchpad, Ubuntu, Debian
dapper
Released (1.2.2-0ubuntu0.6.06.19)
hardy
Released (1.3.7-1ubuntu3.11)
jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream
Released (1.4.4)