CVE-2012-5519
Published: 19 November 2012
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
Notes
Author | Note |
---|---|
mdeslaur | On Ubuntu, file disclosure and corruption is limited by the AppArmor profile, which limits exposure. It still can access some important files though, such as /etc/shadow. Upstream patch moves dangerous configuration options to a second config file which is not web-editable. Although this is a good long-term solution, the changes are too intrusive for a security update. The most sensible thing to do at this time is to completely disable modifying the cupsd.conf file via the web interface. |
Priority
Status
Package | Release | Status |
---|---|---|
cups Launchpad, Ubuntu, Debian | hardy | Does not exist |
cups | lucid | Released (1.4.3-1ubuntu1.9) |
cups | oneiric | Released (1.5.0-8ubuntu7.3) |
cups | precise | Released (1.5.3-0ubuntu5.1) |
cups | quantal | Released (1.6.1-0ubuntu11.3) |
cups | upstream | Needs triage |
Patches: vendor: http://www.debian.org/security/2013/dsa-2600 | | |
cupsys Launchpad, Ubuntu, Debian | hardy | Released (1.3.7-1ubuntu3.16) |
cupsys | lucid | Does not exist |
cupsys | oneiric | Does not exist |
cupsys | precise | Does not exist |
cupsys | quantal | Does not exist |
cupsys | upstream | Needs triage |