CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2012-11-20T00:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-10-24T00:00:00
Link: CVE-2012-5519
JSON object: View
NVD Information
Status : Modified
Published: 2012-11-20T00:55:01.337
Modified: 2023-02-13T00:26:43.897
Link: CVE-2012-5519
JSON object: View
Redhat Information
No data.
CWE