1.2
CVE-2011-2722
- EPSS 0.44%
- Veröffentlicht 25.05.2012 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:31:52
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hp ≫ Linux Imaging And Printing Project Version <= 3.11.5
Hp ≫ Linux Imaging And Printing Project Version3.9.2
Hp ≫ Linux Imaging And Printing Project Version3.9.4
Hp ≫ Linux Imaging And Printing Project Version3.9.4b
Hp ≫ Linux Imaging And Printing Project Version3.9.6
Hp ≫ Linux Imaging And Printing Project Version3.9.8
Hp ≫ Linux Imaging And Printing Project Version3.9.10
Hp ≫ Linux Imaging And Printing Project Version3.9.12
Hp ≫ Linux Imaging And Printing Project Version3.10.2
Hp ≫ Linux Imaging And Printing Project Version3.10.5
Hp ≫ Linux Imaging And Printing Project Version3.10.6
Hp ≫ Linux Imaging And Printing Project Version3.10.9
Hp ≫ Linux Imaging And Printing Project Version3.11.1
Hp ≫ Linux Imaging And Printing Project Version3.11.3
Hp ≫ Linux Imaging And Printing Project Version3.11.3a
Hp ≫ Linux Imaging And Printing Project Version3.11.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.2 | 1.9 | 2.9 |
AV:L/AC:H/Au:N/C:N/I:P/A:N
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
http://secunia.com/advisories/48441
http://security.gentoo.org/glsa/glsa-201203-17.xml
http://hplipopensource.com/hplip-web/release_notes.html
http://rhn.redhat.com/errata/RHSA-2013-0133.html
http://secunia.com/advisories/55083
http://www.openwall.com/lists/oss-security/2011/07/26/14
http://www.ubuntu.com/usn/USN-1981-1
https://bugs.launchpad.net/hplip/+bug/809904
https://bugzilla.novell.com/show_bug.cgi?id=704608
https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=725830