lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | cups | < 1.7.1-1 | cups_1.7.1-1_all.deb |
Debian | 11 | all | cups | < 1.7.1-1 | cups_1.7.1-1_all.deb |
Debian | 10 | all | cups | < 1.7.1-1 | cups_1.7.1-1_all.deb |
Debian | 999 | all | cups | < 1.7.1-1 | cups_1.7.1-1_all.deb |
Debian | 13 | all | cups | < 1.7.1-1 | cups_1.7.1-1_all.deb |