CVE-2010-0393

High

Description

The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.

References

https://bugzilla.redhat.com/show_bug.cgi?id=558460

http://www.ubuntu.com/usn/USN-906-1

http://www.securityfocus.com/bid/38524

http://www.mandriva.com/security/advisories?name=MDVSA-2010:073

http://www.mandriva.com/security/advisories?name=MDVSA-2010:072

http://www.cups.org/str.php?L3482

http://support.apple.com/kb/HT4077

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Details

Source: Mitre, NVD

Published: 2010-03-05

Updated: 2013-05-15

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High