CVE-2010-2431

Publication date 22 June 2010

Last updated 24 July 2024

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
cups	10.04 LTS lucid	Fixed 1.4.3-1ubuntu1.2
	9.10 karmic	Fixed 1.4.1-5ubuntu2.6
	9.04 jaunty	Fixed 1.3.9-17ubuntu3.9
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
cupsys	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.04 LTS hardy	Fixed 1.3.7-1ubuntu3.11
	6.06 LTS dapper	Fixed 1.2.2-0ubuntu0.6.06.19

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2431