CVE-2002-1366 — Race Condition in Software Products Cups

7 documents7 sources

Severity

6.2MEDIUMNVD

EPSS

0.1%

top 74.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Apple MAC OS X Easy Software Products Cups

Timeline

PublishedDec 26

Latest updateApr 30

Description

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages3 packages

▶Debianapple/cups< 1.1.18-1+3

▶NVDeasy_software_products/cups9 versions+8

▶NVDapple/mac_os_x10.2, 10.2.2+1

🔴Vulnerability Details

GHSA

GHSA-qq4v-v49x-w99c: Common Unix Printing System (CUPS) 1↗2022-04-30

▶

CVEList

CVE-2002-1366: Common Unix Printing System (CUPS) 1↗2004-09-01

▶

OSV

CVE-2002-1366: Common Unix Printing System (CUPS) 1↗2002-12-26

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-12-19

▶

Debian

CVE-2002-1366: cups - Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with...↗2002

▶

💬Community

Bugzilla

CVE-2002-1366 security flaw↗2018-08-16

▶