Vigil@nce - CUPS: privilege escalation via RSS
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, member of the lp group, can create a symbolic link,
and then read the RSS feed of CUPS, in order to escalate his
privileges.
Impacted products: Debian, Fedora, Unix (platform)
Severity: 2/4
Creation date: 22/07/2014
DESCRIPTION OF THE VULNERABILITY
The CUPS product offers a web service, with a RSS information
feed, which is impacted by vulnerability VIGILANCE-VUL-15074
(https://vigilance.fr/tree/1/15074?w=66901).
However, in the case where the language (language[0]) is not set,
the patch is not efficient.
An attacker, member of the lp group, can therefore still create a
symbolic link, and then read the RSS feed of CUPS, in order to
escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/CUPS-privilege-escalation-via-RSS-15081