2 matches found
SUSE CVE-2013-6891
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf...
Ubuntu 12.10 / 13.04 / 13.10 : cups vulnerability (USN-2082-1)
Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions. Note that Tenable Network Security has extracted the preceding...