var-201401-0275
Vulnerability from variot

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. Cups is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on affected computers. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in Apple CUPS versions prior to 1.7.1 that stems from a bug in the configuration of the lppasswd application. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions (CVE-2013-6891). ========================================================================== Ubuntu Security Notice USN-2082-1 January 15, 2014

cups vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 13.04
  • Ubuntu 12.10

Summary:

CUPS could be made to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10: cups-client 1.7.0~rc1-0ubuntu5.2

Ubuntu 13.04: cups-client 1.6.2-1ubuntu8

Ubuntu 12.10: cups-client 1.6.1-0ubuntu11.5

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2082-1 CVE-2013-6891

Package Information: https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.2 https://launchpad.net/ubuntu/+source/cups/1.6.2-1ubuntu8 https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.5

.

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function (CVE-2014-2856).

The updated packages have been patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856


Updated Packages:

Mandriva Enterprise Server 5: 8143b2a3b767ee960c28f10516d55d2a mes5/i586/cups-1.3.10-0.7mdvmes5.2.i586.rpm bc9a8e5908dc217cb7e985dcaa090948 mes5/i586/cups-common-1.3.10-0.7mdvmes5.2.i586.rpm 64176366b00b7c3e7f7f35f35aafe26d mes5/i586/cups-serial-1.3.10-0.7mdvmes5.2.i586.rpm c4926d589017411ae66815746ee6c6ba mes5/i586/libcups2-1.3.10-0.7mdvmes5.2.i586.rpm 2e2ba1cd0bfa7dcd21276255ff4d747c mes5/i586/libcups2-devel-1.3.10-0.7mdvmes5.2.i586.rpm 5171a744370db45781755f21d3f56f7c mes5/i586/php-cups-1.3.10-0.7mdvmes5.2.i586.rpm 1658bb3253e9d923361e9a078be83a5b mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64: 9030814a190e5e1892e9a0d08e88f645 mes5/x86_64/cups-1.3.10-0.7mdvmes5.2.x86_64.rpm 27119afd41865890903bf904130ee425 mes5/x86_64/cups-common-1.3.10-0.7mdvmes5.2.x86_64.rpm e9bdae3ea58237d04e1b0696bc792113 mes5/x86_64/cups-serial-1.3.10-0.7mdvmes5.2.x86_64.rpm cae11ff7c5eac9fdd9716526dbcb179d mes5/x86_64/lib64cups2-1.3.10-0.7mdvmes5.2.x86_64.rpm 91bbc04883ddcf7c1b7e4f9609a81fd6 mes5/x86_64/lib64cups2-devel-1.3.10-0.7mdvmes5.2.x86_64.rpm 160961b924ac72272951552d3641a7ec mes5/x86_64/php-cups-1.3.10-0.7mdvmes5.2.x86_64.rpm 1658bb3253e9d923361e9a078be83a5b mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTddX2mqjQ0CJFipgRAtgAAKCXOPqgzFuMZiQtBTaVqF1CQ+qspACfRw2C GRomzZDVSFilfqhmbpIJHDU= =ZAUC -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0275",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "canonical",
        "version": "12.10"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "canonical",
        "version": "13.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "canonical",
        "version": "13.10"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.7.1"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.7"
      },
      {
        "model": "cups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.7.0"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "12.10"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "13.04"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "13.10"
      },
      {
        "model": "cups",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.7.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:canonical:ubuntu",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:cups",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jann Horn",
    "sources": [
      {
        "db": "BID",
        "id": "64985"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6891",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "id": "CVE-2013-6891",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "id": "VHN-66893",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:H/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-6891",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-6891",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-537",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66893",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. Cups is prone to a local privilege-escalation vulnerability. \nLocal attackers can exploit this issue to gain elevated privileges on affected computers. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in Apple CUPS versions prior to 1.7.1 that stems from a bug in the configuration of the lppasswd application. A local attacker\n could use this to read sensitive information from certain files,\n bypassing access restrictions (CVE-2013-6891). ==========================================================================\nUbuntu Security Notice USN-2082-1\nJanuary 15, 2014\n\ncups vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 13.04\n- Ubuntu 12.10\n\nSummary:\n\nCUPS could be made to expose sensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  cups-client                     1.7.0~rc1-0ubuntu5.2\n\nUbuntu 13.04:\n  cups-client                     1.6.2-1ubuntu8\n\nUbuntu 12.10:\n  cups-client                     1.6.1-0ubuntu11.5\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2082-1\n  CVE-2013-6891\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.2\n  https://launchpad.net/ubuntu/+source/cups/1.6.2-1ubuntu8\n  https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.5\n\n\n. \n \n Cross-site scripting (XSS) vulnerability in scheduler/client.c\n in Common Unix Printing System (CUPS) before 1.7.2 allows remote\n attackers to inject arbitrary web script or HTML via the URL path,\n related to the is_path_absolute function (CVE-2014-2856). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 8143b2a3b767ee960c28f10516d55d2a  mes5/i586/cups-1.3.10-0.7mdvmes5.2.i586.rpm\n bc9a8e5908dc217cb7e985dcaa090948  mes5/i586/cups-common-1.3.10-0.7mdvmes5.2.i586.rpm\n 64176366b00b7c3e7f7f35f35aafe26d  mes5/i586/cups-serial-1.3.10-0.7mdvmes5.2.i586.rpm\n c4926d589017411ae66815746ee6c6ba  mes5/i586/libcups2-1.3.10-0.7mdvmes5.2.i586.rpm\n 2e2ba1cd0bfa7dcd21276255ff4d747c  mes5/i586/libcups2-devel-1.3.10-0.7mdvmes5.2.i586.rpm\n 5171a744370db45781755f21d3f56f7c  mes5/i586/php-cups-1.3.10-0.7mdvmes5.2.i586.rpm \n 1658bb3253e9d923361e9a078be83a5b  mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 9030814a190e5e1892e9a0d08e88f645  mes5/x86_64/cups-1.3.10-0.7mdvmes5.2.x86_64.rpm\n 27119afd41865890903bf904130ee425  mes5/x86_64/cups-common-1.3.10-0.7mdvmes5.2.x86_64.rpm\n e9bdae3ea58237d04e1b0696bc792113  mes5/x86_64/cups-serial-1.3.10-0.7mdvmes5.2.x86_64.rpm\n cae11ff7c5eac9fdd9716526dbcb179d  mes5/x86_64/lib64cups2-1.3.10-0.7mdvmes5.2.x86_64.rpm\n 91bbc04883ddcf7c1b7e4f9609a81fd6  mes5/x86_64/lib64cups2-devel-1.3.10-0.7mdvmes5.2.x86_64.rpm\n 160961b924ac72272951552d3641a7ec  mes5/x86_64/php-cups-1.3.10-0.7mdvmes5.2.x86_64.rpm \n 1658bb3253e9d923361e9a078be83a5b  mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTddX2mqjQ0CJFipgRAtgAAKCXOPqgzFuMZiQtBTaVqF1CQ+qspACfRw2C\nGRomzZDVSFilfqhmbpIJHDU=\n=ZAUC\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6891",
        "trust": 3.1
      },
      {
        "db": "SECUNIA",
        "id": "56531",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537",
        "trust": 0.7
      },
      {
        "db": "UBUNTU",
        "id": "USN-2082-1",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "64985",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "126691",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "124889",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "124797",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-66893",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "id": "VAR-201401-0275",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:14:15.850000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "STR #4319 lppasswd vulnerability",
        "trust": 0.8,
        "url": "http://www.cups.org/str.php?L4319"
      },
      {
        "title": "Article #704",
        "trust": 0.8,
        "url": "http://www.cups.org/blog.php?L704"
      },
      {
        "title": "USN-2082-1",
        "trust": 0.8,
        "url": "http://www.ubuntu.com/usn/USN-2082-1/"
      },
      {
        "title": "cups-1.7.1-source",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47726"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-59",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://advisories.mageia.org/mgasa-2014-0021.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2082-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.cups.org/blog.php?l704"
      },
      {
        "trust": 1.7,
        "url": "http://www.cups.org/str.php?l4319"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/56531"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:015"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6891"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6891"
      },
      {
        "trust": 0.3,
        "url": "http://www.cups.org/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6891"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.6.2-1ubuntu8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2856"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2856"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "BID",
        "id": "64985"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "date": "2014-01-23T00:40:06",
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "date": "2014-01-15T17:42:00",
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "date": "2014-05-19T03:19:36",
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "date": "2014-01-26T01:55:09.563000",
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "date": "2014-05-19T00:52:00",
        "db": "BID",
        "id": "64985"
      },
      {
        "date": "2015-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "date": "2024-11-21T01:59:55.510000",
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      }
    ],
    "trust": 1.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CUPS of  lppasswd Vulnerabilities in which some files can be read",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "post link",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.