CVE-2013-6891

CWE-598 documents8 sources

Severity

1.2LOW

EPSS

0.0%

top 85.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Canonical Ubuntu Linux

Timeline

PublishedJan 26

Latest updateMay 17

Description

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages2 packages

▶Debiancups< 1.7.1-1+3

▶NVDapple/cups1.7.0+2

Also affects: Ubuntu Linux 12.10, 13.04, 13.10

Patches

Patch: www.cups.org ↗Patch: www.cups.org ↗

🔴Vulnerability Details

GHSA

GHSA-r8jg-q736-v263: lppasswd in CUPS before 1↗2022-05-17

▶

CVEList

CVE-2013-6891: lppasswd in CUPS before 1↗2014-01-26

▶

OSV

CVE-2013-6891: lppasswd in CUPS before 1↗2014-01-26

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerability↗2014-01-15

▶

Red Hat

cups: lppasswd vulnerability allows data access to unprivileged user↗2013-12-19

▶

Debian

CVE-2013-6891: cups - lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local...↗2013

▶

💬Community

Bugzilla

CVE-2013-6891 cups: lppasswd vulnerability allows data access to unprivileged user↗2014-01-10

▶