CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
Exploitability
AV:LAC:MAu:NImpact
C:PI:NA:N1.9/AV:L/AC:M/Au:N/C:P/I:N/A:N