CVE-2012-5519
5.9 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
45.7%
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:cups | apple cups | eq | 1.4.4 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791
lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
rhn.redhat.com/errata/RHSA-2013-0580.html
support.apple.com/kb/HT5784
www.openwall.com/lists/oss-security/2012/11/10/5
www.openwall.com/lists/oss-security/2012/11/11/2
www.openwall.com/lists/oss-security/2012/11/11/5
www.securityfocus.com/bid/56494
www.ubuntu.com/usn/USN-1654-1
exchange.xforce.ibmcloud.com/vulnerabilities/80012
Social References
More
Related
5.9 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
45.7%