{"id":"CVE-2013-6891","details":"lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.","modified":"2026-04-16T06:24:57.224859055Z","published":"2014-01-26T01:55:09Z","references":[{"type":"ADVISORY","url":"http://advisories.mageia.org/MGASA-2014-0021.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/56531"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:015"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2082-1"},{"type":"ARTICLE","url":"http://www.cups.org/blog.php?L704"},{"type":"EVIDENCE","url":"http://www.cups.org/str.php?L4319"},{"type":"FIX","url":"http://www.cups.org/str.php?L4319"}],"schema_version":"1.7.5"}