Computer Security
[EN] securityvulns.ru no-pyccku


hplip symbolic lcinks vulnerability
Published:01.10.2013
Source:
SecurityVulns ID:13287
Type:remote
Threat Level:
5/10
Description:Unsafe temporary files handling.
Affected:HP : hplip 3.12
CVE:CVE-2013-0200 (HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.)
 CVE-2011-2722 (The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.)
Original documentdocumentUBUNTU, [USN-1981-1] HPLIP vulnerabilities (01.10.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod