cups

• Author: kikadf
• Vulnerable: 1.6.1-3arcturus3
• Unaffected: 1.6.1-3arcturus4

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031