CVE-2010-0393

Priority
Description
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2,
1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the
file that provides localized message strings, which allows local users to
gain privileges via a file that contains crafted localization data with
format string specifiers.
Notes
mdeslaurFortify source removed the root escalation part
Package
Source: cups (LP Ubuntu Debian)
Upstream:needs-triage
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#fortify-source
Package
Upstream:needs-triage
More Information

Updated: 2020-03-18 22:02:25 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)