CVE-2012-5519
published 2012-11-20CVE-2012-5519: CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using…
high7.2CVSS 3.1
AVLACLAuNCCICAC
EXPLOIT
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | — | — |
| apple | cups | >= 0 < 1.5.3-2.7 | 1.5.3-2.7 |
| apple | cups | >= 0 < 1.5.3-2.7 | 1.5.3-2.7 |
| apple | cups | >= 0 < 1.5.3-2.7 | 1.5.3-2.7 |
| apple | cups | >= 0 < 1.5.3-2.7 | 1.5.3-2.7 |
| debian | cups | < cups 1.5.3-2.7 (bookworm) | cups 1.5.3-2.7 (bookworm) |
CVSS provenance
nvd7.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH