An Incorrect Default Permissions vulnerability in the packaging of cups of
SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE
OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local
attackers with control of the lp user to create files as root with 0644
permissions without the ability to set the content. This issue affects:
SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE
Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud
Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions
prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior
versions.
Author | Note |
---|---|
mdeslaur | in Debian and Ubuntu, /var/log/cups is owned by root:root |
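
A check an administrator can run against the ownership described in the note above. This is an added example, not part of the original advisory; it assumes GNU `stat`, takes `/var/log/cups` from the note as the directory to audit, and `audit_dir` is a name made up for this example.

```shell
#!/bin/sh
# Added example: report whether a directory that a root-run service writes
# into can be modified by any account other than root.
# Assumption: the directory to check is /var/log/cups (path taken from the note).

# audit_dir DIR
#   returns 0 if only root can create entries in DIR,
#           1 if a non-root owner, group or "other" can,
#           2 if DIR cannot be examined.
audit_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }
    # %u/%g numeric owner and group, %a octal mode, %U:%G names for the report
    info=$(stat -c '%u %g %a %U:%G' "$dir") || return 2
    set -- $info
    uid=$1 gid=$2 mode=$3 names=$4
    m=$((0$mode))          # leading 0 makes the shell read the mode as octal
    rc=0
    # A non-root owner can always chmod the directory and then write to it.
    if [ "$uid" -ne 0 ]; then
        echo "$dir: owned by $names (uid $uid), expected root"
        rc=1
    fi
    # Group write only matters when the group is not root's.
    if [ $((m & 0020)) -ne 0 ] && [ "$gid" -ne 0 ]; then
        echo "$dir: group-writable by gid $gid (mode $mode)"
        rc=1
    fi
    # World write allows creation even when the sticky bit is set.
    if [ $((m & 0002)) -ne 0 ]; then
        echo "$dir: world-writable (mode $mode)"
        rc=1
    fi
    [ "$rc" -ne 0 ] || echo "$dir: $names mode $mode, only root can create entries"
    return "$rc"
}

# Audit every directory named on the command line, e.g.:
#   sh audit.sh /var/log/cups
status=0
for d in "$@"; do
    audit_dir "$d" || status=1
done
[ "$status" -eq 0 ] || exit 1
```
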