Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.2
CVE Id: CVE-2012-5519
Last Modified: 05 Jun 2013 11:23:12
Published: 19 Nov 2012 07:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2012-5519

Summary

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Vulnerable Systems

Application

  • Apple CUPS 1.4.4


References

XF - cups-systemgroup-priv-esc(80012)

BID - 56494

MLIST - [oss-security] 20121111 Re: Privilege escalation (lpadmin -> root) in cups

MLIST - [oss-security] 20121110 Privilege escalation (lpadmin -> root) in cups

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791

UBUNTU - USN-1654-1

REDHAT - RHSA-2013:0580

CONFIRM - http://support.apple.com/kb/HT5784

APPLE - APPLE-SA-2013-06-04-1


Last Updated: 27 May 2016 10:51:48