The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Link | Tags |
---|---|
https://cups.org/str.php?L4455 | patch vendor advisory |
http://www.ubuntu.com/usn/USN-2341-1 | vendor advisory |
http://www.openwall.com/lists/oss-security/2014/07/22/13 | mailing list |
http://rhn.redhat.com/errata/RHSA-2014-1388.html | vendor advisory |
http://secunia.com/advisories/60787 | third party advisory |
http://www.debian.org/security/2014/dsa-2990 | vendor advisory |
http://www.openwall.com/lists/oss-security/2014/07/22/2 | mailing list |
http://advisories.mageia.org/MGASA-2014-0313.html | |
http://secunia.com/advisories/60509 | third party advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 | vendor advisory |