lppasswd in CUPS prior to 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple cups |
||
apple cups 1.7 |
||
apple cups 1.7.1 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 13.04 |
||
canonical ubuntu linux 13.10 |