CVE-2013-6891 (GCVE-0-2013-6891)

Vulnerability from cvelistv5 – Published: 2014-01-26 01:00 – Updated: 2024-08-06 17:53

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

6 references

URL	Tags
http://advisories.mageia.org/MGASA-2014-0021.html	x_refsource_CONFIRM
http://www.cups.org/blog.php?L704	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2082-1	vendor-advisoryx_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/56531	third-party-advisoryx_refsource_SECUNIA
http://www.cups.org/str.php?L4319	x_refsource_CONFIRM

Date Public

2014-01-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:45.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cups.org/blog.php?L704"
          },
          {
            "name": "USN-2082-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2082-1"
          },
          {
            "name": "MDVSA-2014:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"
          },
          {
            "name": "56531",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56531"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cups.org/str.php?L4319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-20T16:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cups.org/blog.php?L704"
        },
        {
          "name": "USN-2082-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2082-1"
        },
        {
          "name": "MDVSA-2014:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"
        },
        {
          "name": "56531",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56531"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cups.org/str.php?L4319"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6891",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0021.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0021.html"
            },
            {
              "name": "http://www.cups.org/blog.php?L704",
              "refsource": "CONFIRM",
              "url": "http://www.cups.org/blog.php?L704"
            },
            {
              "name": "USN-2082-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2082-1"
            },
            {
              "name": "MDVSA-2014:015",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"
            },
            {
              "name": "56531",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56531"
            },
            {
              "name": "http://www.cups.org/str.php?L4319",
              "refsource": "CONFIRM",
              "url": "http://www.cups.org/str.php?L4319"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6891",
    "datePublished": "2014-01-26T01:00:00.000Z",
    "dateReserved": "2013-11-28T00:00:00.000Z",
    "dateUpdated": "2024-08-06T17:53:45.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2013-6891",
      "date": "2026-06-03",
      "epss": "0.00046",
      "percentile": "0.14546"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6891\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-01-26T01:55:09.563\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.\"},{\"lang\":\"es\",\"value\":\"lppasswd en CUPS anteriores a 1.7.1, cuando se ejecuta con privilegios setuid, permite a usuarios locales leer porciones de archivos arbitrarios a trav\u00e9s de una variable de entorno HOME modificada y un ataque symlink que involucra .cups/client.conf\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":1.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.0\",\"matchCriteriaId\":\"96BCA869-A0D7-43CD-AEE1-2946FFFFFD25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:cups:1.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"055893FF-4833-4BDC-9C6B-B4BDD0F59942\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:cups:1.7.1:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"54164748-5511-4B90-BD1B-75C0D89532A3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2076871-2E80-4605-A470-A41C1A8EC7EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFAA48D9-BEB4-4E49-AD50-325C262D46D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F61F047-129C-41A6-8A27-FFCBB8563E91\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2014-0021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/56531\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cups.org/blog.php?L704\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cups.org/str.php?L4319\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:015\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2082-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://advisories.mageia.org/MGASA-2014-0021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/56531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cups.org/blog.php?L704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cups.org/str.php?L4319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:015\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2082-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2013-6891

Vulnerability from fkie_nvd - Published: 2014-01-26 01:55 - Updated: 2026-04-29 01:13

Severity

Summary

References

URL	Tags
cve@mitre.org	http://advisories.mageia.org/MGASA-2014-0021.html
cve@mitre.org	http://secunia.com/advisories/56531	Vendor Advisory
cve@mitre.org	http://www.cups.org/blog.php?L704
cve@mitre.org	http://www.cups.org/str.php?L4319	Exploit, Patch
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2014:015
cve@mitre.org	http://www.ubuntu.com/usn/USN-2082-1
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2014-0021.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/56531	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cups.org/blog.php?L704
af854a3a-2127-422b-91ae-364da2661108	http://www.cups.org/str.php?L4319	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:015
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2082-1

Impacted products

Vendor	Product	Version
apple	cups	*
apple	cups	1.7
apple	cups	1.7.1
canonical	ubuntu_linux	12.10
canonical	ubuntu_linux	13.04
canonical	ubuntu_linux	13.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96BCA869-A0D7-43CD-AEE1-2946FFFFFD25",
              "versionEndIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:cups:1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "055893FF-4833-4BDC-9C6B-B4BDD0F59942",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:cups:1.7.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "54164748-5511-4B90-BD1B-75C0D89532A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf."
    },
    {
      "lang": "es",
      "value": "lppasswd en CUPS anteriores a 1.7.1, cuando se ejecuta con privilegios setuid, permite a usuarios locales leer porciones de archivos arbitrarios a trav\u00e9s de una variable de entorno HOME modificada y un ataque symlink que involucra .cups/client.conf"
    }
  ],
  "id": "CVE-2013-6891",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-01-26T01:55:09.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56531"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cups.org/blog.php?L704"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.cups.org/str.php?L4319"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2082-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/56531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cups.org/blog.php?L704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.cups.org/str.php?L4319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2082-1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R8JG-Q736-V263

Vulnerability from github – Published: 2022-05-17 04:50 – Updated: 2022-05-17 04:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-26T01:55:00Z",
    "severity": "LOW"
  },
  "details": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.",
  "id": "GHSA-r8jg-q736-v263",
  "modified": "2022-05-17T04:50:44Z",
  "published": "2022-05-17T04:50:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6891"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2014-0021.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56531"
    },
    {
      "type": "WEB",
      "url": "http://www.cups.org/blog.php?L704"
    },
    {
      "type": "WEB",
      "url": "http://www.cups.org/str.php?L4319"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2082-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2013-6891

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-6891

Aliases

CVE-2013-6891

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6891",
    "description": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.",
    "id": "GSD-2013-6891",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-6891.html",
      "https://advisories.mageia.org/CVE-2013-6891.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6891"
      ],
      "details": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.",
      "id": "GSD-2013-6891",
      "modified": "2023-12-13T01:22:19.819372Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-6891",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://advisories.mageia.org/MGASA-2014-0021.html",
            "refsource": "CONFIRM",
            "url": "http://advisories.mageia.org/MGASA-2014-0021.html"
          },
          {
            "name": "http://www.cups.org/blog.php?L704",
            "refsource": "CONFIRM",
            "url": "http://www.cups.org/blog.php?L704"
          },
          {
            "name": "USN-2082-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2082-1"
          },
          {
            "name": "MDVSA-2014:015",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"
          },
          {
            "name": "56531",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/56531"
          },
          {
            "name": "http://www.cups.org/str.php?L4319",
            "refsource": "CONFIRM",
            "url": "http://www.cups.org/str.php?L4319"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.7:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:1.7.1:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6891"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56531",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/56531"
            },
            {
              "name": "http://www.cups.org/blog.php?L704",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.cups.org/blog.php?L704"
            },
            {
              "name": "USN-2082-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2082-1"
            },
            {
              "name": "http://www.cups.org/str.php?L4319",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.cups.org/str.php?L4319"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0021.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://advisories.mageia.org/MGASA-2014-0021.html"
            },
            {
              "name": "MDVSA-2014:015",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2014-03-06T04:49Z",
      "publishedDate": "2014-01-26T01:55Z"
    }
  }
}

VAR-201401-0275

Vulnerability from variot - Updated: 2025-04-11 20:48

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. Cups is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on affected computers. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in Apple CUPS versions prior to 1.7.1 that stems from a bug in the configuration of the lppasswd application. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions (CVE-2013-6891). ========================================================================== Ubuntu Security Notice USN-2082-1 January 15, 2014

cups vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 13.10
Ubuntu 13.04
Ubuntu 12.10

Summary:

CUPS could be made to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10: cups-client 1.7.0~rc1-0ubuntu5.2

Ubuntu 13.04: cups-client 1.6.2-1ubuntu8

Ubuntu 12.10: cups-client 1.6.1-0ubuntu11.5

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2082-1 CVE-2013-6891

Package Information: https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.2 https://launchpad.net/ubuntu/+source/cups/1.6.2-1ubuntu8 https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.5

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function (CVE-2014-2856).

The updated packages have been patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856

Updated Packages:

Mandriva Enterprise Server 5: 8143b2a3b767ee960c28f10516d55d2a mes5/i586/cups-1.3.10-0.7mdvmes5.2.i586.rpm bc9a8e5908dc217cb7e985dcaa090948 mes5/i586/cups-common-1.3.10-0.7mdvmes5.2.i586.rpm 64176366b00b7c3e7f7f35f35aafe26d mes5/i586/cups-serial-1.3.10-0.7mdvmes5.2.i586.rpm c4926d589017411ae66815746ee6c6ba mes5/i586/libcups2-1.3.10-0.7mdvmes5.2.i586.rpm 2e2ba1cd0bfa7dcd21276255ff4d747c mes5/i586/libcups2-devel-1.3.10-0.7mdvmes5.2.i586.rpm 5171a744370db45781755f21d3f56f7c mes5/i586/php-cups-1.3.10-0.7mdvmes5.2.i586.rpm 1658bb3253e9d923361e9a078be83a5b mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64: 9030814a190e5e1892e9a0d08e88f645 mes5/x86_64/cups-1.3.10-0.7mdvmes5.2.x86_64.rpm 27119afd41865890903bf904130ee425 mes5/x86_64/cups-common-1.3.10-0.7mdvmes5.2.x86_64.rpm e9bdae3ea58237d04e1b0696bc792113 mes5/x86_64/cups-serial-1.3.10-0.7mdvmes5.2.x86_64.rpm cae11ff7c5eac9fdd9716526dbcb179d mes5/x86_64/lib64cups2-1.3.10-0.7mdvmes5.2.x86_64.rpm 91bbc04883ddcf7c1b7e4f9609a81fd6 mes5/x86_64/lib64cups2-devel-1.3.10-0.7mdvmes5.2.x86_64.rpm 160961b924ac72272951552d3641a7ec mes5/x86_64/php-cups-1.3.10-0.7mdvmes5.2.x86_64.rpm 1658bb3253e9d923361e9a078be83a5b mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTddX2mqjQ0CJFipgRAtgAAKCXOPqgzFuMZiQtBTaVqF1CQ+qspACfRw2C GRomzZDVSFilfqhmbpIJHDU= =ZAUC -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0275",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "canonical",
        "version": "12.10"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "canonical",
        "version": "13.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "canonical",
        "version": "13.10"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.7"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.7.1"
      },
      {
        "model": "cups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.7.0"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "12.10"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "13.04"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "13.10"
      },
      {
        "model": "cups",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.7.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:canonical:ubuntu",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:cups",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jann Horn",
    "sources": [
      {
        "db": "BID",
        "id": "64985"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6891",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "id": "CVE-2013-6891",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "id": "VHN-66893",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:H/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-6891",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-6891",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-537",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66893",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. Cups is prone to a local privilege-escalation vulnerability. \nLocal attackers can exploit this issue to gain elevated privileges on affected computers. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in Apple CUPS versions prior to 1.7.1 that stems from a bug in the configuration of the lppasswd application. A local attacker\n could use this to read sensitive information from certain files,\n bypassing access restrictions (CVE-2013-6891). ==========================================================================\nUbuntu Security Notice USN-2082-1\nJanuary 15, 2014\n\ncups vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 13.04\n- Ubuntu 12.10\n\nSummary:\n\nCUPS could be made to expose sensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  cups-client                     1.7.0~rc1-0ubuntu5.2\n\nUbuntu 13.04:\n  cups-client                     1.6.2-1ubuntu8\n\nUbuntu 12.10:\n  cups-client                     1.6.1-0ubuntu11.5\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2082-1\n  CVE-2013-6891\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.2\n  https://launchpad.net/ubuntu/+source/cups/1.6.2-1ubuntu8\n  https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.5\n\n\n. \n \n Cross-site scripting (XSS) vulnerability in scheduler/client.c\n in Common Unix Printing System (CUPS) before 1.7.2 allows remote\n attackers to inject arbitrary web script or HTML via the URL path,\n related to the is_path_absolute function (CVE-2014-2856). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 8143b2a3b767ee960c28f10516d55d2a  mes5/i586/cups-1.3.10-0.7mdvmes5.2.i586.rpm\n bc9a8e5908dc217cb7e985dcaa090948  mes5/i586/cups-common-1.3.10-0.7mdvmes5.2.i586.rpm\n 64176366b00b7c3e7f7f35f35aafe26d  mes5/i586/cups-serial-1.3.10-0.7mdvmes5.2.i586.rpm\n c4926d589017411ae66815746ee6c6ba  mes5/i586/libcups2-1.3.10-0.7mdvmes5.2.i586.rpm\n 2e2ba1cd0bfa7dcd21276255ff4d747c  mes5/i586/libcups2-devel-1.3.10-0.7mdvmes5.2.i586.rpm\n 5171a744370db45781755f21d3f56f7c  mes5/i586/php-cups-1.3.10-0.7mdvmes5.2.i586.rpm \n 1658bb3253e9d923361e9a078be83a5b  mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 9030814a190e5e1892e9a0d08e88f645  mes5/x86_64/cups-1.3.10-0.7mdvmes5.2.x86_64.rpm\n 27119afd41865890903bf904130ee425  mes5/x86_64/cups-common-1.3.10-0.7mdvmes5.2.x86_64.rpm\n e9bdae3ea58237d04e1b0696bc792113  mes5/x86_64/cups-serial-1.3.10-0.7mdvmes5.2.x86_64.rpm\n cae11ff7c5eac9fdd9716526dbcb179d  mes5/x86_64/lib64cups2-1.3.10-0.7mdvmes5.2.x86_64.rpm\n 91bbc04883ddcf7c1b7e4f9609a81fd6  mes5/x86_64/lib64cups2-devel-1.3.10-0.7mdvmes5.2.x86_64.rpm\n 160961b924ac72272951552d3641a7ec  mes5/x86_64/php-cups-1.3.10-0.7mdvmes5.2.x86_64.rpm \n 1658bb3253e9d923361e9a078be83a5b  mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTddX2mqjQ0CJFipgRAtgAAKCXOPqgzFuMZiQtBTaVqF1CQ+qspACfRw2C\nGRomzZDVSFilfqhmbpIJHDU=\n=ZAUC\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6891",
        "trust": 3.1
      },
      {
        "db": "SECUNIA",
        "id": "56531",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537",
        "trust": 0.7
      },
      {
        "db": "UBUNTU",
        "id": "USN-2082-1",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "64985",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "126691",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "124889",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "124797",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-66893",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "id": "VAR-201401-0275",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T20:48:04.555000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "STR #4319 lppasswd vulnerability",
        "trust": 0.8,
        "url": "http://www.cups.org/str.php?L4319"
      },
      {
        "title": "Article #704",
        "trust": 0.8,
        "url": "http://www.cups.org/blog.php?L704"
      },
      {
        "title": "USN-2082-1",
        "trust": 0.8,
        "url": "http://www.ubuntu.com/usn/USN-2082-1/"
      },
      {
        "title": "cups-1.7.1-source",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47726"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-59",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://advisories.mageia.org/mgasa-2014-0021.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2082-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.cups.org/blog.php?l704"
      },
      {
        "trust": 1.7,
        "url": "http://www.cups.org/str.php?l4319"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/56531"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:015"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6891"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6891"
      },
      {
        "trust": 0.3,
        "url": "http://www.cups.org/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6891"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.6.2-1ubuntu8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2856"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2856"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "BID",
        "id": "64985"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "date": "2014-01-23T00:40:06",
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "date": "2014-01-15T17:42:00",
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "date": "2014-05-19T03:19:36",
        "db": "PACKETSTORM",
        "id": "126691"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "date": "2014-01-26T01:55:09.563000",
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66893"
      },
      {
        "date": "2014-05-19T00:52:00",
        "db": "BID",
        "id": "64985"
      },
      {
        "date": "2015-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2013-6891"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "64985"
      },
      {
        "db": "PACKETSTORM",
        "id": "124889"
      },
      {
        "db": "PACKETSTORM",
        "id": "124797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      }
    ],
    "trust": 1.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CUPS of  lppasswd Vulnerabilities in which some files can be read",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005925"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "post link",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-537"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-6891 (GCVE-0-2013-6891)

FKIE_CVE-2013-6891

GHSA-R8JG-Q736-V263

GSD-2013-6891

VAR-201401-0275

cups vulnerability

Tags

Sightings

Nomenclature