Bugzilla – Bug 680210
VUL-1: cups: local file overwrite with users in "lp" group via /var/cache/cups/
Last modified: 2018-10-19 18:08:00 UTC
is public, from cve db http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431 The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. Please note that our users are not added to the "lp" group by default, which is required as precondition of this issue.
if an attacker gains access via a explioit to the "lp" group, it however is possible to hop further with this hole.
The matching CUPS STR for CVE-2010-2431 is http://cups.org/str.php?L3510 openSUSE 11.4 has cups-1.4.6 which is safe openSUSE 11.3 has cups-1.4.4 which is safe openSUSE 11.2 has cups-1.3.11 SLE11 has cups-1.3.9 SLE10 has cups-1.1.23 SLE9 has cups-1.1.20
The SWAMPID for this issue is 42066. This issue was rated as low. Please submit fixed packages until 2011-08-02. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/42066
done
.
Update released for: cups, cups-client, cups-debuginfo, cups-devel, cups-libs, cups-libs-32bit, cups-libs-64bit, cups-libs-x86 Products: SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Update released for: cups, cups-client, cups-debuginfo, cups-debugsource, cups-devel, cups-libs, cups-libs-32bit, cups-libs-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: cups, cups-client, cups-debuginfo, cups-devel, cups-libs, cups-libs-32bit, cups-libs-64bit, cups-libs-x86 Products: SLE-SAP-APL 10-SP3 (x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64)