CVE-2012-5519

CUPS 1.4.4 - Arbitrary File Read and Write via Web Interface Key Permissions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5519. PoCs published by p1ckzi.

AI-analyzed exploit summary This is a bash script that exploits CVE-2012-5519 in CUPS (Common UNIX Printing System) versions < 1.6.2. It allows users in the lpadmin group to read arbitrary files as root by manipulating the ErrorLog path via the cupsctl command and then accessing the log through the CUPS web interface.

Description

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Exploits (1)

nomisec WORKING POC 9 stars

by p1ckzi · poc

https://github.com/p1ckzi/CVE-2012-5519

View Code ZIP pw:eip

This is a bash script that exploits CVE-2012-5519 in CUPS (Common UNIX Printing System) versions < 1.6.2. It allows users in the lpadmin group to read arbitrary files as root by manipulating the ErrorLog path via the cupsctl command and then accessing the log through the CUPS web interface.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: CUPS < 1.6.2

Auth required

Prerequisites: linux system · bash · curl · user must be in the lpadmin group · CUPS < 1.6.2 must be installed and running

MITRE ATT&CK