1.5 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:S/C:P/I:N/A:N
cups is vulnerable to information disclosure. The vulnerability exists as the web interface allows local users in the Ip group to read arbitrary files through symlinks. This vulnerability exists through an incomplete fix for CVE-2014-3537.
advisories.mageia.org/MGASA-2014-0313.html
rhn.redhat.com/errata/RHSA-2014-1388.html
secunia.com/advisories/60509
secunia.com/advisories/60787
www.debian.org/security/2014/dsa-2990
www.mandriva.com/security/advisories?name=MDVSA-2015:108
www.openwall.com/lists/oss-security/2014/07/22/13
www.openwall.com/lists/oss-security/2014/07/22/2
www.ubuntu.com/usn/USN-2341-1
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1012482
bugzilla.redhat.com/show_bug.cgi?id=978387
cups.org/str.php?L4455
rhn.redhat.com/errata/RHSA-2014-1388.html