Published: 06/03/2013 Updated: 13/02/2023

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

HP Linux Imaging and Printing (HPLIP) up to and including 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp linux imaging and printing project 3.9.6
hp linux imaging and printing project 3.10.6
hp linux imaging and printing project 3.11.1
hp linux imaging and printing project 3.11.3a
hp linux imaging and printing project 3.9.4b
hp linux imaging and printing project 3.9.12
hp linux imaging and printing project 1.0
hp linux imaging and printing project 2.7.10
hp linux imaging and printing project 2.0
hp linux imaging and printing project 3.9.4
hp linux imaging and printing project 3.9.10
hp linux imaging and printing project 3.10.9
hp linux imaging and printing project 3.9.8
hp linux imaging and printing project 3.10.5
hp linux imaging and printing project
hp linux imaging and printing project 3.11.3
hp linux imaging and printing project 3.11.5
hp linux imaging and printing project 3.11.10
hp linux imaging and printing project 3.9.2
hp linux imaging and printing project 3.10.2
hp linux imaging and printing project 3.11.7
redhat enterprise linux 6.0

Synopsis Low: hplip security, bug fix and enhancement update Type/Severity Security Advisory: Low Topic Updated hplip packages that fix several security issues, multiple bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this updat ...

Debian Bug report logs - #701185 CVE-2013-0200: Insecure temporary files Package: hplip; Maintainer for hplip is Debian Printing Team <debian-printing@listsdebianorg>; Source for hplip is src:hplip (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Fri, 22 Feb 2013 14:21:01 UTC Severity: ...

HPLIP could be made to overwrite files ...

Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled For the oldstable distribution (squeeze), these problems have been fixed in version 3106-2+squeeze2 For the stable distribution (wheezy ...

CWE-59 https://bugzilla.redhat.com/show_bug.cgi?id=902163 http://hplipopensource.com/hplip-web/release_notes.html ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm http://secunia.com/advisories/55083 http://www.ubuntu.com/usn/USN-1981-1 http://www.debian.org/security/2013/dsa-2829 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072 http://www.mandriva.com/security/advisories?name=MDVSA-2013:088 https://access.redhat.com/errata/RHSA-2013:0500 https://usn.ubuntu.com/1981-1/https://nvd.nist.gov

CVE-2013-0200

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect