CVE-2010-2431 : The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary file

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.

Published 2010-06-22 20:30:02

Updated 2013-05-15 03:10:22

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2010-2431

Top countries where our scanners detected CVE-2010-2431

Top open port discovered on systems with this issue 631

IPs affected by CVE-2010-2431 5,347

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2010-2431!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-2431

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2431

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:L/AC:H/Au:N/C:N/I:P/A:P	1.9	4.9	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-2431

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2431

http://www.debian.org/security/2011/dsa-2176

Debian -- Security Information -- DSA-2176-1 cups

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201207-10.xml

CUPS: Multiple vulnerabilities (GLSA 201207-10) — Gentoo security

CVEs referencing this url
http://cups.org/str.php?L3510

cups overwrites files as root in a directory with non-root write permission · Issue #3510 · apple/cups · GitHub
http://www.vupen.com/english/advisories/2010/2856

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://cups.org/articles.php?L596

Page Has Moved - CUPS.org
Patch;Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2010:232

mandriva.com

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234

mandriva.com

CVEs referencing this url
http://www.vupen.com/english/advisories/2011/0535

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2010-0811.html

RHSA-2010:0811 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=605397

605397 – (CVE-2010-2431) CVE-2010-2431 cups: latent privilege escalation vulnerability

Products affected by CVE-2010-2431

Apple » Cups
Versions up to, including, (<=) 1.4.3
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5-2
cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6
cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.10-1
cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.10
cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.18
cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.17
cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19
cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC1
cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC3
cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21 Update RC1
cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22 Update RC1
cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.1
cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5-1
cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5
cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.9
cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.9-1
cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.16
cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.15
cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC2
cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC3
cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC5
cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC2
cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22
cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22 Update RC2
cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.1
cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.0
cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.9
cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.7
cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update RC1
cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update RC2
cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-1
cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.2
cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-3
cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-2
cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.12
cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.11
cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20
cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC1
cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21
cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC6
cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update B2
cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update B1
cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.5
cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.4
cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.10
cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.11
cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.2
cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.3
cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC1
cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC3
cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC2
cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.8
cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.9
cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.0
cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.1
cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1
cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.3
cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.4
cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.8
cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.7
cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.14
cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.13
cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC4
cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC5
cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC4
cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21 Update RC2
cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.23 Update RC1
cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.4.1
cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.23
cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.3
cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.2
cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.6
cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.12
cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update B1
cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.4
cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.6
cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.5
cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.7
cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.8
cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.11
cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.10
cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.4.2
cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.4.0
cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*
Matching versions

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!