CVE-2013-0200

medium

Description

HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.

References

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072

https://bugzilla.redhat.com/show_bug.cgi?id=902163

http://www.ubuntu.com/usn/USN-1981-1

http://www.mandriva.com/security/advisories?name=MDVSA-2013:088

http://www.debian.org/security/2013/dsa-2829

http://secunia.com/advisories/55083

http://hplipopensource.com/hplip-web/release_notes.html

Details

Source: Mitre, NVD

Published: 2013-03-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium