exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Mandriva Linux Security Advisory 2010-072
Posted Apr 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-072 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, local, xss
systems | linux, mandriva
advisories | CVE-2009-2820, CVE-2010-0393
SHA-256 | 87a1b81e834c7351f9b23a53bf106959914ab7a068d03785563229a2e13f2d5f
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close