4 matches found
Advisory ROSA-SA-2021-1816
Software: cups 1.6.3 OS: Cobalt 7.9 CVE-ID: CVE-2013-6891 CVE-Crit: HIGH CVE-DESC: lppasswd in CUPS before 1.7.1 when run with setuid privileges allows local users to read parts of arbitrary files via modified HOME environment variable and symbolic link attack using .cups / client.conf. CVE-STATU...
CVE-2013-6891
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf...
CVE-2013-6891
CVE-2013-6891 affects CUPS prior to 1.7.1. The lppasswd tool, when run with setuid, allows local users to read portions of arbitrary files via a crafted HOME environment and a symlink attack on .cups/client.conf. Impact is local information disclosure; there is no remote code execution stated. Th...
Updated cups packages fix a security vulverability
Updated cups packages fix security vulnerability: Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions CVE-2013-6891...