Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.121169
Category:Gentoo Local Security Checks
Title:Gentoo Security Advisory GLSA 201404-01
Summary:Gentoo Linux Local Security Checks GLSA 201404-01
Description:Summary:
Gentoo Linux Local Security Checks GLSA 201404-01

Vulnerability Insight:
Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some dangerous directives (like the logfilenames), which enable them to read or write files as the user running the CUPS webserver.

Solution:
Update the affected packages to the latest available version.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-5519
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
BugTraq ID: 56494
http://www.securityfocus.com/bid/56494
http://www.openwall.com/lists/oss-security/2012/11/10/5
http://www.openwall.com/lists/oss-security/2012/11/11/2
http://www.openwall.com/lists/oss-security/2012/11/11/5
RedHat Security Advisories: RHSA-2013:0580
http://rhn.redhat.com/errata/RHSA-2013-0580.html
SuSE Security Announcement: SUSE-SU-2015:1041 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
SuSE Security Announcement: openSUSE-SU-2015:1056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
http://www.ubuntu.com/usn/USN-1654-1
XForce ISS Database: cups-systemgroup-priv-esc(80012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80012
CopyrightCopyright (C) 2015 Eero Volotinen

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.