Summary
It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on RSS files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
Solution
For the stable distribution (wheezy), these problems have been fixed in version 1.5.3-5+deb7u4.
For the unstable distribution (sid), these problems have been fixed in version 1.7.4-2.
We recommend that you upgrade your cups packages.
Insight
The Common UNIX Printing System (or CUPS(tm)) is a printing system and general replacement for lpd and the like. It supports the Internet Printing Protocol (IPP), and has its own filtering driver model for handling various document types.
Affected
cups on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N