1.9

CVE-2014-5030

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
AppleCups Version <= 1.7.4
AppleCups Version1.7 Updaterc1
AppleCups Version1.7.0
AppleCups Version1.7.1
AppleCups Version1.7.1 Updateb1
AppleCups Version1.7.2
AppleCups Version1.7.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.278
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://rhn.redhat.com/errata/RHSA-2014-1388.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:108
http://advisories.mageia.org/MGASA-2014-0313.html
http://secunia.com/advisories/60787
http://secunia.com/advisories/60509
http://www.debian.org/security/2014/dsa-2990
http://www.openwall.com/lists/oss-security/2014/07/22/13
http://www.openwall.com/lists/oss-security/2014/07/22/2
http://www.ubuntu.com/usn/USN-2341-1
https://cups.org/str.php?L4455
Patch
Vendor Advisory