CVE-2010-0393
N/A
N/A
Summary
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.cups.org/str.php?L3482
- http://www.ubuntu.com/usn/USN-906-1
- http://www.securityfocus.com/bid/38524
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:072
- http://security.gentoo.org/glsa/glsa-201207-10.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
- http://support.apple.com/kb/HT4077
- https://bugzilla.redhat.com/show_bug.cgi?id=558460
References
- http://www.cups.org/str.php?L3482
- http://www.ubuntu.com/usn/USN-906-1
- http://www.securityfocus.com/bid/38524
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:072
- http://security.gentoo.org/glsa/glsa-201207-10.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
- http://support.apple.com/kb/HT4077
- https://bugzilla.redhat.com/show_bug.cgi?id=558460
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.