CVE-2013-6891

Related Files

Mandriva Linux Security Advisory 2014-092

Posted May 19, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-092 - lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving.cups/client.conf. Cross-site scripting vulnerability in scheduler/client.c in Common Unix Printing System before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, local, xss

systems | linux, unix, mandriva

advisories | CVE-2013-6891, CVE-2014-2856

SHA-256 | 42c1c60c5b38f63153e3d145588b75d3bd5cddd4e0f739227eba41ec8a6c26e7

Download | Favorite | View

Mandriva Linux Security Advisory 2014-015

Posted Jan 23, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-015 - Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.

tags | advisory, local

systems | linux, mandriva

advisories | CVE-2013-6891

SHA-256 | c44b363f15f84b64f144f627526dde5cb5a1d7a345a73f145f5638ee62d1d767

Download | Favorite | View

Ubuntu Security Notice USN-2082-1

Posted Jan 15, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2082-1 - Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.

tags | advisory, local

systems | linux, ubuntu

advisories | CVE-2013-6891

SHA-256 | 8ccfc6fba38df9120e96e707d0a9e03460184e1d2c68c90777c3dda22d9ec4a9

Download | Favorite | View