CVSS2: 6.9 Medium (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score: 7.3 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 29.5%)
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
CPE | Name | Operator | Version |
---|---|---|---|
apple:cups | apple cups | eq | 1.2.2 |
apple:cups | apple cups | eq | 1.3.7 |
apple:cups | apple cups | eq | 1.3.9 |
apple:cups | apple cups | eq | 1.4.1 |
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
security.gentoo.org/glsa/glsa-201207-10.xml
support.apple.com/kb/HT4077
www.cups.org/str.php?L3482
www.mandriva.com/security/advisories?name=MDVSA-2010:072
www.mandriva.com/security/advisories?name=MDVSA-2010:073
www.securityfocus.com/bid/38524
www.ubuntu.com/usn/USN-906-1
bugzilla.redhat.com/show_bug.cgi?id=558460