CVE-2012-5519 - OpenCVE

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Cups
Debian	Debian Linux
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:apple:cups:1.4.4:::::::*
	cpe:2.3:o:debian:debian_linux::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
cups-1:1.3.7-30.el5_9.3	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0580	2013-02-28T00:00:00Z
Red Hat Enterprise Linux 6
cups-1:1.4.2-50.el6_4.4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0580	2013-02-28T00:00:00Z

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
http://rhn.redhat.com/errata/RHSA-2013-0580.html
http://support.apple.com/kb/HT5784
http://www.openwall.com/lists/oss-security/2012/11/10/5
http://www.openwall.com/lists/oss-security/2012/11/11/2
http://www.openwall.com/lists/oss-security/2012/11/11/5
http://www.securityfocus.com/bid/56494
http://www.ubuntu.com/usn/USN-1654-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/80012
https://nvd.nist.gov/vuln/detail/CVE-2012-5519
https://www.cve.org/CVERecord?id=CVE-2012-5519

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-20T00:00:00

Updated: 2024-08-06T21:05:47.442Z

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5519

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-11-20T00:55:01.337

Modified: 2023-02-13T00:26:43.897

Link: CVE-2012-5519

Redhat

Severity : Moderate

Publid Date: 2012-11-08T00:00:00Z

Links: CVE-2012-5519 - Bugzilla

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object