CVE-2013-6891

CUPS < 1.7.1 - Arbitrary File Read via Symlink Attack on .cups/client.conf

Description

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

References (6)

Core References
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0021.html
Various Sources x_refsource_confirm
http://www.cups.org/blog.php?L704
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2082-1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:015
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56531
Exploit, Patch x_refsource_confirm
http://www.cups.org/str.php?L4319

Scores

EPSS 0.0045
EPSS Percentile 35.4%

Details

CWE CWE-59
Status published
Products (6)
apple/cups 1.7 rc1
apple/cups 1.7.1 b1
apple/cups < 1.7.0
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
canonical/ubuntu_linux 13.10
Published Jan 26, 2014
Tracked Since Feb 18, 2026