Security: File overwrite in CUPS
Name: File overwrite in CUPS
ID: 201404-01
Distribution: Gentoo
Platforms: Not specified
Date: Mon, April 7, 2014, 15:07
References: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5519
Applications: Common UNIX Printing System
Original message
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201404-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: CUPS: Arbitrary file read/write
     Date: April 07, 2014
     Bugs: #442926
       ID: 201404-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========

A vulnerability in CUPS may allow for arbitrary file access.

Background
==========

CUPS, the Common Unix Printing System, is a full-featured print server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-print/cups             < 1.6.2-r5                >= 1.6.2-r5

Description
===========
Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some "dangerous" directives (like the log filenames), which enable them to read or write files as the user running the CUPS webserver.
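
An added example, not part of the Gentoo advisory or of CUPS: a check an administrator could run over a copy of cupsd.conf to spot log-file directives that point outside the expected log directory. ErrorLog, AccessLog and PageLog are the CUPS log-file directives; the allowed directory /var/log/cups, the function name and the sample configuration are assumptions constructed for illustration.

```python
import posixpath

# Log-file directives of cupsd.conf; names are matched case-insensitively.
LOG_DIRECTIVES = {"accesslog", "errorlog", "pagelog"}
ALLOWED_DIR = "/var/log/cups"  # assumption: where this site expects CUPS logs

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
# cupsd.conf (constructed sample)
LogLevel warn
ErrorLog /var/log/cups/error_log
AccessLog syslog
PageLog /var/log/cups/../../tmp/page_log
errorlog /srv/other/error_log
"""


def audit_log_directives(conf_text, allowed_dir=ALLOWED_DIR):
    """Return (line_no, directive, value) for log targets outside allowed_dir."""
    prefix = allowed_dir.rstrip("/") + "/"
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        parts = line.split(None, 1)
        name = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if name.lower() not in LOG_DIRECTIVES:
            continue
        if value in ("", "syslog"):
            continue  # no file target named
        # Collapse "." and ".." so traversal out of the log directory shows.
        # Symlinks are not resolved; that needs a check on the host itself.
        normalized = posixpath.normpath(value)
        if not (posixpath.isabs(value) and normalized.startswith(prefix)):
            findings.append((line_no, name, value))
    return findings


if __name__ == "__main__":
    for line_no, name, value in audit_log_directives(SAMPLE_CONF):
        print(f"line {line_no}: {name} -> {value} (outside {ALLOWED_DIR})")
```

Relative values are reported as well, so that they get a manual review.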

Impact
======

A local attacker could possibly exploit this vulnerability to read or write files as the user running the CUPS webserver.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CUPS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-print/cups-1.6.2-r5"

References
==========

[ 1 ] CVE-2012-5519
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5519

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201404-01.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5