Univention Bugzilla – Bug 35357
cups: Information disclosure / privilege escalation (3.2)
Last modified: 2015-02-17 07:24:53 CET
CVE-2014-3537

CUPS features a built-in RSS mechanism to notify users of the print scheduler status. The CUPS web server serves requests to any URL starting with "/rss" with the respective file below /var/cache/cups/rss/. This directory is writable by the group "sys" and the CUPS web server follows symlinks, i.e. it would be possible to symlink to e.g. /etc/machine.secret. The impact on UCS is rather low: "sys" is a local group and empty by default.
*** This bug has been marked as a duplicate of bug 35402 ***
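
An audit check for the condition described in this report, as an added example that is not part of the original bug entry: it lists symlinks in the RSS directory that resolve outside it, flags a group-writable directory, and shows the members of "sys". The function names are hypothetical; the directory and group names are the ones given in the report.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# Print every symlink under DIR whose resolved target lies outside DIR.
rss_escaping_links() {
    base=$(readlink -f -- "$1") || return 2
    find "$base" -type l -print | while IFS= read -r link; do
        target=$(readlink -f -- "$link" 2>/dev/null)
        case "$target" in
            "$base"|"$base"/*) ;;   # resolves inside the RSS directory
            *) printf '%s -> %s\n' "$link" "${target:-<unresolvable>}" ;;
        esac
    done
}

# Succeed if DIR itself carries the group-write bit.
rss_dir_group_writable() {
    [ -n "$(find "$1" -prune -perm -020 -print)" ]
}

# Run the audit only when a directory is given, e.g.
#   sh audit.sh /var/cache/cups/rss
if [ "$#" -gt 0 ]; then
    rss_dir_group_writable "$1" && echo "WARN: $1 is group-writable"
    getent group sys            # members are listed after the last ':'
    rss_escaping_links "$1"
fi
```

Any line printed by `rss_escaping_links` is a file the web server would serve from outside the RSS directory if it follows that link.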