1.2
CVE-2013-6891
- EPSS 0.45%
- Veröffentlicht 26.01.2014 01:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version12.10
Canonical ≫ Ubuntu Linux Version13.04
Canonical ≫ Ubuntu Linux Version13.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.354 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.2 | 1.9 | 2.9 |
AV:L/AC:H/Au:N/C:P/I:N/A:N
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
http://advisories.mageia.org/MGASA-2014-0021.html
http://secunia.com/advisories/56531
http://www.cups.org/blog.php?L704
http://www.cups.org/str.php?L4319
http://www.mandriva.com/security/advisories?name=MDVSA-2014:015
http://www.ubuntu.com/usn/USN-2082-1