CVE-2013-6891

Priority
Medium
Description
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows
local users to read portions of arbitrary files via a modified HOME
environment variable and a symlink attack involving .cups/client.conf.
References
Bugs
Assigned-to
mdeslaur
Package
Source: cups (LP Ubuntu Debian)
Upstream:released (1.7.1-1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (code not present)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (code not present)
Ubuntu 12.10 (Quantal Quetzal):released (1.6.1-0ubuntu11.5)
Ubuntu 13.10 (Saucy Salamander):released (1.7.0~rc1-0ubuntu5.2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.7.1-1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-30 14:14:56 UTC (commit 7694)