Detections
Analytics
SuSE 11.2 / 11.3 Security Update : hplip (SAT Patch Numbers 8775 / 8777)
medium Nessus Plugin ID 72277
Language:
Synopsis
The remote SuSE 11 host is missing one or more security updates.Description
hplip was updated to fix three security issues :- Some local file overwrite problems via predictable /tmp filenames were fixed. (CVE-2013-0200)
- hplip used an insecure polkit DBUS API (polkit-process subject race condition) which could lead to local privilege escalation. (CVE-2013-4325)
- hplip uses arbitrary file creation/overwrite (via hard-coded file name /tmp/hp-pkservice.log).
(CVE-2013-6402)
Solution
Apply SAT patch number 8775 / 8777 as appropriate.See Also
https://bugzilla.novell.com/show_bug.cgi?id=808355
https://bugzilla.novell.com/show_bug.cgi?id=835827
https://bugzilla.novell.com/show_bug.cgi?id=836937
https://bugzilla.novell.com/show_bug.cgi?id=852368
http://support.novell.com/security/cve/CVE-2013-0200.html
Plugin Details
Severity: Medium
ID: 72277
File Name: suse_11_hplip-140116.nasl
Version: 1.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/4/2014
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:11:hplip, p-cpe:/a:novell:suse_linux:11:hplip-hpijs, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 1/16/2014