CVE-2014-3537

Description

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

References

Link	Tags
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html	vendor advisory
http://secunia.com/advisories/60273	third party advisory
http://www.cups.org/blog.php?L724	vendor advisory
http://rhn.redhat.com/errata/RHSA-2014-1388.html	vendor advisory
http://www.ubuntu.com/usn/USN-2293-1	vendor advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	vendor advisory
http://www.securityfocus.com/bid/68788	vdb entry vendor advisory
http://secunia.com/advisories/60787	third party advisory
http://www.cups.org/str.php?L4450
https://bugzilla.redhat.com/show_bug.cgi?id=1115576
http://secunia.com/advisories/59945	third party advisory
https://support.apple.com/kb/HT6535
http://www.securitytracker.com/id/1030611	vdb entry
http://advisories.mageia.org/MGASA-2014-0313.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:108	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2014-3537?: CVE-2014-3537 has been scored as a low severity vulnerability.
How to fix CVE-2014-3537?: To fix CVE-2014-3537, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2014-3537 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2014-3537 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-59 – Improper Link Resolution Before File Access ('Link Following')

References

Frequently Asked Questions