What is CVE-2010-2431?

CVE-2010-2431 is a vulnerability in Apple Cups, classified under Improper Link Resolution Before File Access. Published 2010-06-22.

Is CVE-2010-2431 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Cups

CVE-2010-2431

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.

EPSS: 0.001 (18.9th percentile) — read the EPSS interpretation.

Affected products

Apple Cups — versions 1.1.12, 1.1.9-1, 1.1.6-3
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

MDVSA-2010:234 (vendor-advisory, x_refsource_MANDRIVA)
RHSA-2010:0811 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
MDVSA-2010:232 (vendor-advisory, x_refsource_MANDRIVA)
ADV-2010-2856 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
DSA-2176 (vendor-advisory, x_refsource_DEBIAN)
GLSA-201207-10 (vendor-advisory, x_refsource_GENTOO)
ADV-2011-0535 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
43521 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2010-2431?: CVE-2010-2431 is a vulnerability in Apple Cups, classified under Improper Link Resolution Before File Access. Published 2010-06-22.
Is CVE-2010-2431 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.