CVE-2011-2924

EPSS 0.13%
Published 19.11.2019 22:15:10
Last modified 21.11.2024 01:29:17
Source secalert@redhat.com
Teams watchlist Login
Open Login

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Linuxfoundation ≫ Foomatic-filters Version <= 4.0.12

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version14

Fedoraproject ≫ Fedora Version15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.327

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	3.3	3.4	4.9	AV:L/AC:M/Au:N/C:N/I:P/A:P

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://access.redhat.com/security/cve/cve-2011-2924

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924

Third Party Advisory

Issue Tracking

https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1

Third Party Advisory

Release Notes

https://lwn.net/Articles/459979/

Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-2924

Third Party Advisory