lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2014-01-25 17:55
Updated : 2014-03-05 20:49
NVD link : CVE-2013-6891
Mitre link : CVE-2013-6891
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
canonical
- ubuntu_linux
apple
- cups