The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-06-22 13:30
Updated : 2013-05-14 20:10
NVD link : CVE-2010-2431
Mitre link : CVE-2010-2431
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
apple
- cups