Home

CVE-2012-5519

Description

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Risk Information

Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
10.228

Associated Vulnerability

VulnerabilityOS Platform
Common UNIX Printing System(tm) (USN-1654-1) cups_1.5.3-0ubuntu8.7_i386.debLinux
Common UNIX Printing System(tm) (USN-1654-1) cups_1.5.3-0ubuntu8.7_amd64.debLinux
(RHSA-2013:0580) Moderate: cups security update cups-1.3.7-30.el5_9.3.i386.rpmLinux
(RHSA-2013:0580) Moderate: cups security update cups-1.3.7-30.el5_9.3.x86_64.rpmLinux
(RHSA-2013:0580) Moderate: cups security update cups-devel-1.3.7-30.el5_9.3.i386.rpmLinux
(RHSA-2013:0580) Moderate: cups security update cups-devel-1.3.7-30.el5_9.3.x86_64.rpmLinux
(RHSA-2013:0580) Moderate: cups security update cups-libs-1.3.7-30.el5_9.3.i386.rpmLinux
(RHSA-2013:0580) Moderate: cups security update cups-libs-1.3.7-30.el5_9.3.x86_64.rpmLinux
(RHSA-2013:0580) Moderate: cups security update cups-lpd-1.3.7-30.el5_9.3.i386.rpmLinux
(RHSA-2013:0580) Moderate: cups security update cups-lpd-1.3.7-30.el5_9.3.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-1.7.5-9.1.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-client-1.7.5-9.1.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-client-debuginfo-1.7.5-9.1.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-debuginfo-1.7.5-9.1.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-debugsource-1.7.5-9.1.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-libs-1.7.5-9.1.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-libs-32bit-1.7.5-9.1.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-libs-debuginfo-1.7.5-9.1.x86_64.rpmLinux
SUSE-SU-2015:1041-1(SUSE Linux Enterprise Desktop 12 ) cups-libs-debuginfo-32bit-1.7.5-9.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234