CVE-2012-4510
Published: 20 November 2012
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
Notes
Author | Note |
---|---|
seth-arnold | mitigated slightly by polkit requiring admin password |
Priority
Status
Package | Release | Status |
---|---|---|
cups-pk-helper Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Released
(0.1.2-1ubuntu0.1)
|
|
precise |
Released
(0.2.1.2-1ubuntu0.1)
|
|
quantal |
Released
(0.2.1.2-1ubuntu1.1)
|
|
raring |
Not vulnerable
(0.2.4-0ubuntu1)
|
|
saucy |
Not vulnerable
(0.2.4-0ubuntu1)
|
|
upstream |
Released
(0.2.3-1)
|
|
Patches: vendor: http://www.debian.org/security/2012/dsa-2562 debdiff: https://bugs.launchpad.net/ubuntu/+source/cups-pk-helper/+bug/1083416 |