CUPS Web Interface CVE-2014-5031 Incomplete Fix Local Privilege Escalation Vulnerability
BID:68847
Info
CUPS Web Interface CVE-2014-5031 Incomplete Fix Local Privilege Escalation Vulnerability
| Bugtraq ID: | 68847 |
| Class: | Design Error |
| CVE: |
CVE-2014-5031 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 22 2014 12:00AM |
| Updated: | Apr 13 2015 09:46PM |
| Credit: | Salvatore Bonaccorso |
| Vulnerable: |
Ubuntu Ubuntu Linux 14.04 LTS Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Mandriva Business Server 1 X86 64 Mandriva Business Server 1 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Apple CUPS 1.7.4 Apple CUPS 1.7.3 Apple CUPS 1.3.11 Apple CUPS 1.3.7 Apple CUPS 1.3.5 Apple CUPS 1.1.23 rc1 Apple CUPS 1.1.23 Apple CUPS 1.1.22 rc1 Apple CUPS 1.1.22 Apple CUPS 1.1.21 Apple CUPS 1.1.20 Apple CUPS 1.1.19 rc5 Apple CUPS 1.1.18 Apple CUPS 1.1.17 Apple CUPS 1.7.2 Apple CUPS 1.7.1 B1 Apple CUPS 1.7.1 Apple CUPS 1.7.0 Apple CUPS 1.7 Rc1 Apple CUPS 1.6.4 Apple CUPS 1.6.3 Apple CUPS 1.6.2 Apple CUPS 1.6.1 Apple CUPS 1.6 RC1 Apple CUPS 1.6 B1 Apple CUPS 1.5.4 Apple CUPS 1.5.3 Apple CUPS 1.5.2 Apple CUPS 1.5.1 Apple CUPS 1.5.0 Apple CUPS 1.5 Rc1 Apple CUPS 1.5 B2 Apple CUPS 1.5 B1 Apple CUPS 1.4.8 Apple CUPS 1.4.7 Apple CUPS 1.4.6 Apple CUPS 1.4.5 Apple CUPS 1.4.4 Apple CUPS 1.4.3 Apple CUPS 1.4.2 Apple CUPS 1.4.1 Apple CUPS 1.4.0 Apple CUPS 1.4 Rc1 Apple CUPS 1.4 B3 Apple CUPS 1.4 B2 Apple CUPS 1.4 B1 Apple CUPS 1.3.9 Apple CUPS 1.3.8 Apple CUPS 1.3.7-18 Apple CUPS 1.3.6 Apple CUPS 1.3.4 Apple CUPS 1.3.3 Apple CUPS 1.3.2 Apple CUPS 1.3.10 Apple CUPS 1.3.1 Apple CUPS 1.3.0 Apple CUPS 1.3 RC2 Apple CUPS 1.3 RC1 Apple CUPS 1.3 B1 Apple CUPS 1.2.9 Apple CUPS 1.2.8 Apple CUPS 1.2.7 Apple CUPS 1.2.6 Apple CUPS 1.2.5 Apple CUPS 1.2.4 Apple CUPS 1.2.3 Apple CUPS 1.2.2 Apple CUPS 1.2.12 Apple CUPS 1.2.11 Apple CUPS 1.2.10 Apple CUPS 1.2.1 Apple CUPS 1.2.0 Apple CUPS 1.2 RC3 Apple CUPS 1.2 RC2 Apple CUPS 1.2 RC1 Apple CUPS 1.2 B2 Apple CUPS 1.2 B1 Apple CUPS 1.1.9-1 Apple CUPS 1.1.9 Apple CUPS 1.1.8 Apple CUPS 1.1.7 Apple CUPS 1.1.6-3 Apple CUPS 1.1.6-2 Apple CUPS 1.1.6-1 Apple CUPS 1.1.6 Apple CUPS 1.1.5-2 Apple CUPS 1.1.5-1 Apple CUPS 1.1.5 Apple CUPS 1.1.4 Apple CUPS 1.1.3 Apple CUPS 1.1.22 Rc2 Apple CUPS 1.1.21 Rc2 Apple CUPS 1.1.21 Rc1 Apple CUPS 1.1.20 Rc6 Apple CUPS 1.1.20 Rc5 Apple CUPS 1.1.20 Rc4 Apple CUPS 1.1.20 Rc3 Apple CUPS 1.1.20 Rc2 Apple CUPS 1.1.20 Rc1 Apple CUPS 1.1.2 Apple CUPS 1.1.19 Rc4 Apple CUPS 1.1.19 Rc3 Apple CUPS 1.1.19 Rc2 Apple CUPS 1.1.19 Rc1 Apple CUPS 1.1.19 Apple CUPS 1.1.16 Apple CUPS 1.1.15 Apple CUPS 1.1.14 Apple CUPS 1.1.13 Apple CUPS 1.1.12 Apple CUPS 1.1.11 Apple CUPS 1.1.10-1 Apple CUPS 1.1.10 Apple CUPS 1.1.1 |
| Not Vulnerable: |
Apple CUPS 2.0-current |
Discussion
CUPS Web Interface CVE-2014-5031 Incomplete Fix Local Privilege Escalation Vulnerability
CUPS is prone to a local privilege-escalation vulnerability.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible.
Note: This issue is the result of an incomplete fix for the issue described in 68788 (CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability).
An attacker with local access could potentially exploit this issue to gain elevated privileges.
CUPS 1.7.4 and earlier versions are vulnerable
CUPS is prone to a local privilege-escalation vulnerability.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible.
Note: This issue is the result of an incomplete fix for the issue described in 68788 (CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability).
An attacker with local access could potentially exploit this issue to gain elevated privileges.
CUPS 1.7.4 and earlier versions are vulnerable
References
CUPS Web Interface CVE-2014-5031 Incomplete Fix Local Privilege Escalation Vulnerability
References:
References:
- CUPS Home Page (Apple)
- Re: CVE Request: cups: Incomplete fix for CVE-2014-3537 (oss-sec)
- STR #4455 Incomplete fix for CVE-2014-3537 (Apple )