PT-2013-1082 · Hewlett Packard+3 · Hplip+3

Raphael Geissert · Published 2013-03-06 · Updated 2024-06-15 · CVE-2013-6402

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HP Linux Imaging and Printing (HPLIP) versions through 3.13.11

Description

The issue concerns multiple vulnerabilities in the HPLIP package of the Debian GNU/Linux operating system. These vulnerabilities can be exploited by a local attacker, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the base/pkit.py file in HPLIP is vulnerable to a symlink attack, allowing local users to overwrite arbitrary files via the /tmp/hp-pkservice.log temporary file.

Recommendations

For HPLIP versions through 3.13.11, consider restricting access to the base/pkit.py file to prevent exploitation until a patch is available. As a temporary workaround, avoid using the hp-pkservice.log temporary file in the /tmp directory to minimize the risk of arbitrary file overwrites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
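An added example (not HPLIP's code and not the project's fix): one way to open a fixed-name log file so that a symlink already present at that path is refused instead of followed, with a check that the target file is left untouched. The function names, file names and scratch directory are assumptions constructed for illustration, and the ELOOP error code is the Linux behaviour.

```python
import errno
import os
import stat
import tempfile


def open_log_no_follow(path):
    """Open a log for appending; never follow a symlink planted at `path`."""
    flags = (os.O_WRONLY | os.O_APPEND | os.O_CREAT
             | os.O_NOFOLLOW | os.O_NONBLOCK)  # NONBLOCK: don't hang on a FIFO
    fd = os.open(path, flags, 0o600)  # Linux: ELOOP if `path` is a symlink
    try:
        st = os.fstat(fd)
        # Accept only a regular file we own with no extra hard links, so a
        # pre-created FIFO/device or a hard link to an existing file is refused.
        if not stat.S_ISREG(st.st_mode):
            raise OSError(errno.EINVAL, "not a regular file", path)
        if st.st_uid != os.geteuid() or st.st_nlink != 1:
            raise OSError(errno.EPERM, "unexpected owner or link count", path)
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")


def demo():
    """Constructed scenario inside a private scratch directory."""
    scratch = tempfile.mkdtemp()
    target = os.path.join(scratch, "important.conf")   # constructed file
    with open(target, "w") as f:
        f.write("original\n")
    log_path = os.path.join(scratch, "service.log")    # hypothetical fixed name
    os.symlink(target, log_path)                       # link already in place
    try:
        open_log_no_follow(log_path).close()
        refused = False
    except OSError as exc:
        refused = exc.errno == errno.ELOOP
    with open(target) as f:
        untouched = f.read() == "original\n"
    os.unlink(log_path)
    with open_log_no_follow(log_path) as log:          # normal case still works
        log.write("started\n")
    mode = stat.S_IMODE(os.stat(log_path).st_mode)
    return refused, untouched, mode


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW covers only the final path component, so keeping the log in a directory that other users cannot write to remains the stronger fix.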

Link Following

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1475
BDU:2015-02622
CVE-2013-6402
DSA-2829-1
MGASA-2014-0033
OPENSUSE-SU-2024:10083-1

Affected Products

Alt Linux
Debian
Hplip
Suse