Launchpad.net

CVE 2010-2431

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.

Related bugs and status

CVE-2010-2431 (Candidate) is related to these bugs:

Bug #369850: Cannot set up parallel port printer

		In	Importance	Status
369850	Cannot set up parallel port printer	linux (Ubuntu)	High	Invalid
369850	Cannot set up parallel port printer	udev (Ubuntu)	Undecided	Invalid
369850	Cannot set up parallel port printer	cups (Ubuntu)	Undecided	Fix Released
369850	Cannot set up parallel port printer	cups (Ubuntu Lucid)	Undecided	Won't Fix
369850	Cannot set up parallel port printer	linux (Ubuntu Lucid)	Undecided	Invalid
369850	Cannot set up parallel port printer	udev (Ubuntu Lucid)	Undecided	Invalid
369850	Cannot set up parallel port printer	cups (Ubuntu Maverick)	Undecided	Fix Released
369850	Cannot set up parallel port printer	linux (Ubuntu Maverick)	High	Invalid
369850	Cannot set up parallel port printer	udev (Ubuntu Maverick)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://cups.org/articl...
CONFIRM: http://cups.org/str.ph...
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2010:0811
VUPEN: ADV-2010-2856
MANDRIVA: MDVSA-2010:232
MANDRIVA: MDVSA-2010:234
DEBIAN: DSA-2176
SECUNIA: 43521
VUPEN: ADV-2011-0535
GENTOO: GLSA-201207-10