The web interface in CUPS prior to 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple cups 1.7.0 |
||
apple cups 1.7.1 |
||
apple cups 1.7 |
||
apple cups 1.7.2 |
||
apple cups |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
fedoraproject fedora 20 |
||
canonical ubuntu linux 10.04 |