Lucene search

K

[email protected]NVD:CVE-2012-5519

HistoryNov 20, 2012 - 12:55 a.m.

CVE-2012-5519

2012-11-2000:55:01

CWE-264

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.3%

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Affected configurations

NVD

Node

applecupsMatch1.4.4

OR

debiandebian_linux

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791

lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html

rhn.redhat.com/errata/RHSA-2013-0580.html

support.apple.com/kb/HT5784

www.openwall.com/lists/oss-security/2012/11/10/5

www.openwall.com/lists/oss-security/2012/11/11/2

www.openwall.com/lists/oss-security/2012/11/11/5

www.securityfocus.com/bid/56494

www.ubuntu.com/usn/USN-1654-1

exchange.xforce.ibmcloud.com/vulnerabilities/80012

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.3%

Related for NVD:CVE-2012-5519

nessus19 ubuntucve1 openvas25 redhat1 oraclelinux1 amazon1 securityvulns4 centos1 gentoo1 cve1 osv1 veracode1 fedora2 ubuntu1 debian1 prion1 debiancve1 cvelist1 suse4