Candidate: CVE-2012-4510
PublicDate: 2012-11-20 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4510
 http://www.openwall.com/lists/oss-security/2012/10/12/2
Description:
 cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and
 (2) cupsPutFile function calls, which allows user-assisted remote attackers
 to read or overwrite sensitive files using CUPS resources.
Ubuntu-Description:
Notes:
 seth-arnold> mitigated slightly by polkit requiring admin password
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/cups-pk-helper/+bug/1083416
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_cups-pk-helper:
 vendor: http://www.debian.org/security/2012/dsa-2562
 debdiff: https://bugs.launchpad.net/ubuntu/+source/cups-pk-helper/+bug/1083416
upstream_cups-pk-helper: released (0.2.3-1)
hardy_cups-pk-helper: DNE
lucid_cups-pk-helper: DNE
natty_cups-pk-helper: ignored (reached end-of-life)
oneiric_cups-pk-helper: released (0.1.2-1ubuntu0.1)
precise_cups-pk-helper: released (0.2.1.2-1ubuntu0.1)
quantal_cups-pk-helper: released (0.2.1.2-1ubuntu1.1)
raring_cups-pk-helper: not-affected (0.2.4-0ubuntu1)
saucy_cups-pk-helper: not-affected (0.2.4-0ubuntu1)
devel_cups-pk-helper: not-affected (0.2.4-0ubuntu1)