Mandriva Linux Security Advisory 2015-108 - Cross-site scripting vulnerability in scheduler/client.c in Common Unix Printing System before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation. A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.
029c517fb2aafd25bf90e98f07319e0f00c7a6d282bf8e64661bb76a2f70f6a8
Red Hat Security Advisory 2014-1388-02 - CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A cross-site scripting flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system.
f40db663647458b2845b3f1ac29ff57140997773dd6238d70c6eb62820776ebf
Ubuntu Security Notice 2341-1 - Salvatore Bonaccorso discovered that the CUPS web interface incorrectly validated permissions and incorrectly handled symlinks. An attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
f57044e3821a7f70ab5ef00b54419a5243bf8be708be9a4544a2ce036435c480
Mandriva Linux Security Advisory 2014-151 - In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
7d4d6b6d830e0e917745ad8442f7a68ed02759bd672d8f5b73f660cc5ce1b6f0
Debian Linux Security Advisory 2990-1 - It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
cc938fc7d54d51a015c06e68ed74d219f09c0baf6016e28dce18fb4e2629a93b