CVE-2010-0393

MEDIUM

Description

The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.

References

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://support.apple.com/kb/HT4077

http://www.cups.org/str.php?L3482

http://www.mandriva.com/security/advisories?name=MDVSA-2010:072

http://www.mandriva.com/security/advisories?name=MDVSA-2010:073

http://www.securityfocus.com/bid/38524

http://www.ubuntu.com/usn/USN-906-1

https://bugzilla.redhat.com/show_bug.cgi?id=558460

Details

Source: MITRE

Published: 2010-03-05

Updated: 2013-05-15

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM