CVE-2014-5030
Published: 29 July 2014
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
Notes
| Author | Note |
|---|---|
| mdeslaur | The patch below introduces a regression preventing the web interface from being able to read log files. (See comments in bug 4455.) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cups Launchpad, Ubuntu, Debian |
lucid |
Released
(1.4.3-1ubuntu1.13)
|
| precise |
Released
(1.5.3-0ubuntu8.5)
|
|
| trusty |
Released
(1.7.2-0ubuntu1.2)
|
|
| upstream |
Released
(1.7.4-5)
|
|
|
Patches: upstream: https://cups.org/strfiles.php/3371/str4455-1.7.patch |
||