Home CVE Database CVE-2018-4182

CVE-2018-4182

Description

It is possible to cause cups-exec to execute backends without a sandbox profile by causing cupsdCreateProfile() to fail. An attacker that has obtained sandboxed root access can accomplish this by setting the CUPS temporary directory to immutable using chflags, which will prevent the profile from being written to disk.

Priority: HIGH
CVSS v3: 8.2
Publish Date: Aug 14, 2018
Related ID: --
CVSS v2: HIGH
Modified Date: Aug 14, 2018

Find out more about CVE-2018-4182 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

cups

Live chat
Online