CVE-2002-1366 — cupsys - several vulnerabilities

Description

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

How to fix CVE-2002-1366

To remediate CVE-2002-1366, upgrade the affected package to a fixed version below.

Debian/cups—upgrade to 1.1.18-1 or later
Debian/cupsys—upgrade to 1.1.14-4.3 or later

Is CVE-2002-1366 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.1.18-1
from 0, < 1.1.14-4.3

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2002-1366