Mandriva Linux Security Advisory : hplip (MDVSA-2014:023)

Medium | Nessus Plugin ID 72135

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated hplip packages fix security vulnerabilities:

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files (CVE-2013-6402).

It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code (CVE-2013-6427).

Solution

Update the affected packages.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876

Plugin Details

Severity: Medium

ID: 72135

File Name: mandriva_MDVSA-2014-023.nasl

Version: 1.7

Type: local

Published: 1/27/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:hplip, p-cpe:/a:mandriva:linux:hplip-doc, p-cpe:/a:mandriva:linux:hplip-hpijs, p-cpe:/a:mandriva:linux:hplip-hpijs-ppds, p-cpe:/a:mandriva:linux:hplip-model-data, p-cpe:/a:mandriva:linux:lib64hpip0, p-cpe:/a:mandriva:linux:lib64hpip0-devel, p-cpe:/a:mandriva:linux:lib64sane-hpaio1, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/24/2014

Reference Information

CVE: CVE-2013-6402, CVE-2013-6427

BID: 63959, 64131

MDVSA: 2014:023