CVE-2012-5519
cups - privilege escalation
EPSS 7.2%
Description
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
How to fix CVE-2012-5519
To remediate CVE-2012-5519, upgrade the affected package to one of the fixed versions listed below.
- Debian/cups: upgrade to 1.5.3-2.7 or later
- Debian/cups: upgrade to 1.4.4-7+squeeze2 or later
Is CVE-2012-5519 being exploited?
Moderate: EPSS is 7.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.5.3-2.7
- from 0, < 1.4.4-7+squeeze2