VDB
GCVE-110-MAGEIA-2014-313
GCVE-110-MAGEIA-2014-313
Advisory Published
In CUPS before 1.7.4, a local user with privileges of group=lp can write
symbolic links in the rss directory and use that to gain '@SYSTEM' group
privilege with cupsd (CVE-2014-3537).
It was discovered that the web interface in CUPS incorrectly validated
permissions on rss files and directory index files. A local attacker could
possibly use this issue to bypass file permissions and read arbitrary files,
possibly leading to a privilege escalation (CVE-2014-5029, CVE-2014-5030,
CVE-2014-5031).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | cups | 0 (affected), 1.7.0-7.3.mga4 (unaffected) | — |
| Mageia | cups | 0 (affected), 1.5.4-9.4.mga3 (unaffected) | — |
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.