CVE-2013-0200
low
CVSS v3
-
CVSS v4
-
VIR risk
1.9
Description
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com - ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| rhel | 6.0 | affected | |
| debian | bookworm | fixed | 3.12.6-3.1 |
| debian | bullseye | fixed | 3.12.6-3.1 |
| debian | sid | fixed | 3.12.6-3.1 |
| debian | trixie | fixed | 3.12.6-3.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | linux_imaging_and_printing_project | through 3.12.4 | |
| hp | linux_imaging_and_printing_project | 1.0 | |
| hp | linux_imaging_and_printing_project | 2.0 | |
| hp | linux_imaging_and_printing_project | 2.7.10 | |
| hp | linux_imaging_and_printing_project | 3.9.2 | |
| hp | linux_imaging_and_printing_project | 3.9.4 | |
| hp | linux_imaging_and_printing_project | 3.9.4b | |
| hp | linux_imaging_and_printing_project | 3.9.6 | |
| hp | linux_imaging_and_printing_project | 3.9.8 | |
| hp | linux_imaging_and_printing_project | 3.9.10 | |
| hp | linux_imaging_and_printing_project | 3.9.12 | |
| hp | linux_imaging_and_printing_project | 3.10.2 | |
| hp | linux_imaging_and_printing_project | 3.10.5 | |
| hp | linux_imaging_and_printing_project | 3.10.6 | |
| hp | linux_imaging_and_printing_project | 3.10.9 | |
| hp | linux_imaging_and_printing_project | 3.11.1 | |
| hp | linux_imaging_and_printing_project | 3.11.3 | |
| hp | linux_imaging_and_printing_project | 3.11.3a | |
| hp | linux_imaging_and_printing_project | 3.11.5 | |
| hp | linux_imaging_and_printing_project | 3.11.7 | |
| hp | linux_imaging_and_printing_project | 3.11.10 | |
References
- https://www.suse.com/security/cve/CVE-2013-0200.html
- ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm
- http://hplipopensource.com/hplip-web/release_notes.html
- http://secunia.com/advisories/55083
- http://www.debian.org/security/2013/dsa-2829
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:088
- http://www.ubuntu.com/usn/USN-1981-1
- https://bugzilla.redhat.com/show_bug.cgi?id=902163
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072
- https://security-tracker.debian.org/tracker/CVE-2013-0200
CWEs
CWE-59