Symlink Vulnerability in HP Linux Imaging and Printing Software
CVE-2013-0200

Currently unrated

Key Information:

Vendor: HP
Status: Linux Imaging And Printing Project
Vendor: CVE Published:; 6 March 2013

Summary

HP Linux Imaging and Printing (HPLIP) versions up to 3.12.4 are susceptible to a symlink vulnerability that allows local users to overwrite arbitrary files. This occurs through the exploitation of temporary files such as /tmp/hpcupsfilterc_#.bmp, /tmp/hpcupsfilterk_#.bmp, /tmp/hpcups_job#.out, /tmp/hpijs_#####.out, and /tmp/hpps_job#.out. Attackers can leverage this weakness to manipulate file system permissions and compromise system integrity.

References

http://secunia.com/advisories/55083

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-1981-1

vendor-advisoryx_refsource_UBUNTU

ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/v...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 6, 2013
Vulnerability Reserved
Dec 6, 2012