The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:28
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://hplipopensource.com/hplip-web/release_notes.html - Patch, Vendor Advisory | |
| References | () http://rhn.redhat.com/errata/RHSA-2013-0133.html - | |
| References | () http://secunia.com/advisories/48441 - | |
| References | () http://secunia.com/advisories/55083 - | |
| References | () http://security.gentoo.org/glsa/glsa-201203-17.xml - | |
| References | () http://www.openwall.com/lists/oss-security/2011/07/26/14 - | |
| References | () http://www.ubuntu.com/usn/USN-1981-1 - | |
| References | () https://bugs.launchpad.net/hplip/+bug/809904 - | |
| References | () https://bugzilla.novell.com/show_bug.cgi?id=704608 - | |
| References | () https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff - | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=725830 - |
Information
Published : 2012-05-25 20:55
Updated : 2024-11-21 01:28
NVD link : CVE-2011-2722
Mitre link : CVE-2011-2722
CVE.ORG link : CVE-2011-2722
JSON object : View
Products Affected
hp
- linux_imaging_and_printing_project
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')