
cups: multiple vulnerabilities

Package(s): cups
CVE #(s): CVE-2010-2431 CVE-2010-2432
Created: July 8, 2010
Updated: October 10, 2011
Description:

From the Pardus advisory:

CVE-2010-2431: The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.

CVE-2010-2432: The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

Alerts:
Gentoo 201207-10 cups 2012-07-09
Mandriva MDVSA-2011:146 cups 2011-10-11
Debian DSA-2176-1 cups 2011-03-02
Mandriva MDVSA-2010:234 cups 2010-11-15
Mandriva MDVSA-2010:232 cups 2010-11-15
CentOS CESA-2010:0811 cups 2010-11-01
Red Hat RHSA-2010:0811-01 cups 2010-10-28
Pardus 2010-95 cups 2010-07-08



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds