Published: 05/01/2014 Updated: 06/03/2014

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

base/pkit.py in HP Linux Imaging and Printing (HPLIP) up to and including 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp linux imaging and printing project
hp linux imaging and printing project 3.11.3a
hp linux imaging and printing project 3.13.5
hp linux imaging and printing project 3.13.4
hp linux imaging and printing project 3.12.6
hp linux imaging and printing project 3.12.4
hp linux imaging and printing project 3.11.1
hp linux imaging and printing project 3.10.9
hp linux imaging and printing project 3.9.6
hp linux imaging and printing project 3.9.4
hp linux imaging and printing project 3.13.8
hp linux imaging and printing project 3.9.4b
hp linux imaging and printing project 3.13.3
hp linux imaging and printing project 3.13.2
hp linux imaging and printing project 3.12.2
hp linux imaging and printing project 3.11.12
hp linux imaging and printing project 3.11.10
hp linux imaging and printing project 3.10.6
hp linux imaging and printing project 3.10.5
hp linux imaging and printing project 3.9.2
hp linux imaging and printing project 3.13.10
hp linux imaging and printing project 3.13.9
hp linux imaging and printing project 3.12.11
hp linux imaging and printing project 3.12.10
hp linux imaging and printing project 3.11.7
hp linux imaging and printing project 3.11.5
hp linux imaging and printing project 3.10.2
hp linux imaging and printing project 3.9.12
hp linux imaging and printing project 3.13.7
hp linux imaging and printing project 3.13.6
hp linux imaging and printing project 3.12.9
hp linux imaging and printing project 3.11.3
hp linux imaging and printing project 3.9.10
hp linux imaging and printing project 3.9.8

Debian Bug report logs - #725876 hplip: CVE-2013-6402: insecure temporary files handling in pkitpy Package: hplip; Maintainer for hplip is Debian Printing Team <debian-printing@listsdebianorg>; Source for hplip is src:hplip (PTS, buildd, popcon) Reported by: Raphael Geissert <geissert@debianorg> Date: Wed, 9 Oct ...

Several security issues were fixed in HPLIP ...

Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: Insecure temporary files, insufficient permission checks in PackageKit and the insecure hp-upgrade service has been disabled For the oldstable distribution (squeeze), these problems have been fixed in version 3106-2+squeeze2 For the stable distribution (wheezy ...

base/pkitpy in HP Linux Imaging and Printing (HPLIP) through 31311 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservicelog temporary file ...

CWE-59 https://bugzilla.novell.com/show_bug.cgi?id=852368 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876 https://security-tracker.debian.org/tracker/CVE-2013-6402 http://www.debian.org/security/2013/dsa-2829 http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html http://www.ubuntu.com/usn/USN-2085-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876 https://usn.ubuntu.com/2085-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-6402

CVE-2013-6402

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect