CVE-2010-0393

The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
Severity
UNKNOWN
AV:L/AC:M/Au:N/C:C/I:C/A:C
Atk. Vector
LOCAL
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
applecups
1.2.2
applecups
1.3.7
applecups
1.3.9
applecups
1.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cups
bullseye
2.3.3op2-3+deb11u8
fixed
bullseye (security)
2.3.3op2-3+deb11u9
fixed
bookworm
2.4.2-3+deb12u7
fixed
bookworm (security)
2.4.2-3+deb12u8
fixed
sid
2.4.10-2
fixed
trixie
2.4.10-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cups
karmic
Fixed 1.4.1-5ubuntu2.4
released
jaunty
Fixed 1.3.9-17ubuntu3.6
released
intrepid
Fixed 1.3.9-2ubuntu9.5
released
hardy
dne
dapper
dne
cupsys
karmic
dne
jaunty
dne
intrepid
dne
hardy
Fixed 1.3.7-1ubuntu3.8
released
dapper
Fixed 1.2.2-0ubuntu0.6.06.17
released
Common Weakness Enumeration