CVE-2012-5519

Published: 20/11/2012 Updated: 13/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Vulnerable Product

apple cups 1.4.4

Vendor Advisories

Synopsis Moderate: cups security update Type/Severity Security Advisory: Moderate Topic Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability S ...
Debian Bug report logs - #692791: members of lpadmin can read every file on server via cups. Package: cups; Maintainer for cups is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups is src:cups (PTS, buildd, popcon). Reported by: Jörg Ludwig <joergludwig@iserveu> Date: Thu, 8 Nov 2012 22:48:02 ...
CUPS could be made to read files or run programs as an administrator ...
Jann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root, which can be used to elevate privileges. This update splits the configuration file /etc/cups/cupsd.conf into ...
It was discovered that CUPS administrative users (members of the SystemGroups groups) who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them ...

Github Repositories

cups-root-file-read.sh | CVE-2012-5519

cups-root-file-read.sh ⭐ a bash implementation of the metasploit 'cups_root_file_read.rb' module, designed for pentesting and CTFs; mainly a short exercise in bash scripting. Intended to be a self-contained program that exploits CVE-2012-5519 on linux systems; it provides the user with an interactive prompt, allowing them to quickly read multiple restricted files th
