Your submission was sent successfully! Close

CVE-2014-5030

Published: 29 July 2014

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

Priority

Medium

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
lucid
Released (1.4.3-1ubuntu1.13)
precise
Released (1.5.3-0ubuntu8.5)
trusty Does not exist
(trusty was released [1.7.2-0ubuntu1.2])
upstream
Released (1.7.4-5)

Notes

AuthorNote
mdeslaur
The patch below introduces a regression preventing the web
interface from being able to read log files. (See comments in
bug 4455.)

References

Bugs