PT-2012-1101 · Hewlett Packard+2 · Hplip+2

Vincent Danen

Publicado

2012-03-16

Atualizado

2024-06-15

CVE-2011-2722

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions HP Linux Imaging and Printing (HPLIP) versions 3.x through 3.11.9

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file, potentially leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation of the issue may be possible remotely.

Recommendations For HPLIP versions 3.x through 3.11.9, update to version 3.11.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the send data to stdout function in prnt/hpijs/hpcupsfax.cpp until a patch is available.

Correção

Link Following

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59CWE-119

Identificadores relacionados

BDU:2015-09433

CESA-2013_0500

CVE-2011-2722

OPENSUSE-SU-2024:10083-1

RHSA-2013:0133

RHSA-2013:0500

RHSA-2013_0133

RHSA-2013_0500

Produtos afetados

Centos

Hplip

Red Hat

PT-2012-1101 · Hewlett Packard+2 · Hplip+2

CVE-2011-2722

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 42