Date: Fri, 12 Oct 2012 15:04:07 +0200 From: Vincent Untz <vuntz@...e.com> To: oss-security@...ts.openwall.com Subject: Security flaw in cups-pk-helper (CVE-2012-4510) Hi, cups-pk-helper (versions up to 0.2.2) wraps cupsGetFile/cupsPutFile in an insecure way. Since cups-pk-helper is running as root, this could lead to uploading sensitive data to a cups resource, or overwriting specific files with the content of a cups resource. The flaw is however mitigated by the fact that it cannot be exploited without the user explicitly approving the action (via polkit authentication with the admin password). This has been fixed in cups-pk-helper 0.2.3: http://www.freedesktop.org/software/cups-pk-helper/releases/cups-pk-helper-0.2.3.tar.xz Thanks to Sebastian Krahmer and Alexander Peslyak for their help in reviewing the fix. Reference: CVE-2012-4510 About cups-pk-helper: cups-pk-helper is a PolicyKit helper to configure cups with fine-grained privileges. See http://www.freedesktop.org/wiki/Software/cups-pk-helper Vincent -- Les gens heureux ne sont pas pressÚs. [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ