PT-2012-1101 · Hewlett Packard+2 · Hplip+2

Vincent Danen · Published 2012-03-16 · Updated 2024-06-15 · CVE-2011-2722

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

HP Linux Imaging and Printing (HPLIP) versions 3.x through 3.11.9

Description

The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file, potentially leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation of the issue may be possible remotely.

Recommendations

For HPLIP versions 3.x through 3.11.9, update to version 3.11.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the send data to stdout function in prnt/hpijs/hpcupsfax.cpp until a patch is available.
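
The weakness class described above (a predictable temporary file name opened in a way that follows symlinks) can be checked with a small regression test. The following is an added example, not HPLIP code: the function names, the scratch directory and the file names spool.out and protected.txt are hypothetical, and the scenario is constructed inside a private directory created by mkdtemp().

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 'Before' pattern: predictable name, O_CREAT|O_TRUNC. A symlink already
   sitting at the path is followed and its target is truncated. */
int open_fixed_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL refuses any pre-existing entry (symlinks included),
   O_NOFOLLOW is a second guard. Returns -1 instead of following the link. */
int open_fixed_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: "spool.out" is a
   symlink to "protected.txt" (9 bytes). Returns the size of protected.txt
   after the chosen open routine has run, or -1 on setup failure. */
long protected_size_after_open(int hardened) {
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char target[64], spool[64];
    struct stat st;
    long size = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected.txt", dir);
    snprintf(spool, sizeof spool, "%s/spool.out", dir);

    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "important", 9) == 9 && close(fd) == 0 &&
        symlink(target, spool) == 0) {
        fd = hardened ? open_fixed_safe(spool) : open_fixed_unsafe(spool);
        if (fd >= 0) close(fd);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    unlink(spool); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe open:   protected.txt is %ld bytes\n", protected_size_after_open(0));
    printf("hardened open: protected.txt is %ld bytes\n", protected_size_after_open(1));
    return 0;
}
```

Where the file name does not need to be fixed, mkstemp() is the usual choice because it both generates an unpredictable name and creates the file exclusively.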

Fix

Link Following

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-09433
CESA-2013_0500
CVE-2011-2722
OPENSUSE-SU-2024:10083-1
RHSA-2013:0133
RHSA-2013:0500
RHSA-2013_0133
RHSA-2013_0500

Affected Products

Centos
Hplip
Red Hat