Bug 605397 (CVE-2010-2431)
Summary: | CVE-2010-2431 cups: latent privilege escalation vulnerability | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | jlieskov, jpopelka, jrusnack, twaugh, ykopkova |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-10-29 07:36:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 604728, 605399, 646767, 646768 | ||
Bug Blocks: |
Description
Vincent Danen
2010-06-17 20:27:36 UTC
Created cups tracking bugs for this issue Affects: fedora-all [bug 605399] cups-1.4.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/cups-1.4.4-1.fc13 cups-1.4.4-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/cups-1.4.4-1.fc12 cups-1.4.4-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/cups-1.4.4-1.fc11 Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2431 to this vulnerability: The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. With references: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431 [2] http://cups.org/articles.php?L596 [3] http://cups.org/str.php?L3510 cups-1.4.4-4.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/cups-1.4.4-4.fc13 cups-1.4.4-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. cups-1.4.4-5.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. cups-1.4.4-5.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0811 https://rhn.redhat.com/errata/RHSA-2010-0811.html Statement: This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 4. It was addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0811. |