CVE-2013-6402

Priority
Medium
Description
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11
allows local users to overwrite arbitrary files via a symlink attack on the
/tmp/hp-pkservice.log temporary file.
References
Bugs
Notes
mdeslaur> mitigated by symlink restrictions (except in lucid)
Assigned-to
mdeslaur
Package
Source: hplip (LP Ubuntu Debian)
Upstream:released (3.14.1)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.10.2-2ubuntu2.5)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.12.2-1ubuntu3.4)
Ubuntu 12.10 (Quantal Quetzal):released (3.12.6-3ubuntu4.3)
Ubuntu 13.04 (Raring Ringtail):ignored (reached end-of-life)
Ubuntu 13.10 (Saucy Salamander):released (3.13.9-1ubuntu0.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.14.1-1)
Patches:
Vendor:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
Vendor:https://bugs.mageia.org/attachment.cgi?id=4714&action=diff
More Information

Valid XHTML 1.0 Strict

Updated: 2014-01-21 15:14:34 UTC (commit 7666)