What is CVE-2013-6891?

CVE-2013-6891 is a vulnerability in Apple Cups, classified under Improper Link Resolution Before File Access. Published 2014-01-26.

Is CVE-2013-6891 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Cups

CVE-2013-6891

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

EPSS: 0.000 (14.6th percentile) — read the EPSS interpretation.

Affected products

Apple Cups — versions 1.7, 1.7.1
Canonical Ubuntu_linux — versions 12.10, 13.04, 13.10
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
USN-2082-1 (x_refsource_UBUNTU, vendor-advisory)
MDVSA-2014:015 (vendor-advisory, x_refsource_MANDRIVA)
56531 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)

Frequently asked questions

What is CVE-2013-6891?: CVE-2013-6891 is a vulnerability in Apple Cups, classified under Improper Link Resolution Before File Access. Published 2014-01-26.
Is CVE-2013-6891 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.