CVE-2012-4510
A flaw was found in the way the cupsGetFile() and cupsPutFile() functions of cups-pk-helper checked user IDs. If a local attacker performed a symbolic link attack, and was able to trick a CUPS administrator into approving the file transmission, the attacker could possibly use this flaw to access or modify certain system files, potentially leading to privilege escalation.
Find out more about CVE-2012-4510 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 5.6 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:C/I:C/A:N |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | cups-pk-helper | Not affected |
| Red Hat Enterprise Linux 6 | cups-pk-helper | Fix deferred |