CVE-2013-6891

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.7:rc1:*:*:*:*:*:*
cpe:2.3:a:apple:cups:1.7.1:b1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Information

Published : 2014-01-25 17:55

Updated : 2014-03-05 20:49


NVD link : CVE-2013-6891

Mitre link : CVE-2013-6891


JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

canonical

  • ubuntu_linux

apple

  • cups