What is CVE-2012-5519?

CVE-2012-5519 is a vulnerability in Apple Cups, classified under CWE-264. Published 2012-11-20.

Is CVE-2012-5519 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Cups

CVE-2012-5519

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write…

EPSS: 0.072 (91.8th percentile) — read the EPSS interpretation.

Affected products

Apple Cups — versions 1.4.4
Debian Debian_linux
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

[oss-security] 20121111 Re: Privilege escalation (lpadmin -> root) in cups (mailing-list, x_refsource_MLIST)
USN-1654-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
APPLE-SA-2013-06-04-1 (vendor-advisory, x_refsource_APPLE)
SUSE-SU-2015:1044 (vendor-advisory, x_refsource_SUSE)
cups-systemgroup-priv-esc(80012) (vdb-entry, x_refsource_XF)
[oss-security] 20121111 Re: Privilege escalation (lpadmin -> root) in cups (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Exploit)
RHSA-2013:0580 (x_refsource_REDHAT, vendor-advisory)
SUSE-SU-2015:1041 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2012-5519?: CVE-2012-5519 is a vulnerability in Apple Cups, classified under CWE-264. Published 2012-11-20.
Is CVE-2012-5519 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.