VDB

GCVE-110-MAGEIA-2014-313

GCVE-110-MAGEIA-2014-313
Advisory Published
Vulnetix · Advisory published August 5, 2014
In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd (CVE-2014-3537). It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation (CVE-2014-5029, CVE-2014-5030, CVE-2014-5031).

Affected Products

VendorProductVersionsPlatforms
Mageiacups0 (affected), 1.7.0-7.3.mga4 (unaffected)
Mageiacups0 (affected), 1.5.4-9.4.mga3 (unaffected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›