CVE-2013-6402
Published: 5 January 2014
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
Notes
Author | Note |
---|---|
mdeslaur |
mitigated by symlink restrictions (except in lucid) |
Priority
Status
Package | Release | Status |
---|---|---|
hplip
Launchpad, Ubuntu, Debian |
lucid |
Released
(3.10.2-2ubuntu2.5)
|
precise |
Released
(3.12.2-1ubuntu3.4)
|
|
quantal |
Released
(3.12.6-3ubuntu4.3)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Released
(3.13.9-1ubuntu0.1)
|
|
upstream |
Released
(3.14.1)
|
|
Patches:
vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876 vendor: https://bugs.mageia.org/attachment.cgi?id=4714&action=diff |
||
This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. |