Vulnerability Description
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | Linux Imaging and Printing Project | <= 3.11.5 |
Related Weaknesses (CWE)
References
- http://hplipopensource.com/hplip-web/release_notes.html (Patch, Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0133.html
- http://secunia.com/advisories/48441
- http://secunia.com/advisories/55083
- http://security.gentoo.org/glsa/glsa-201203-17.xml
- http://www.openwall.com/lists/oss-security/2011/07/26/14
- http://www.ubuntu.com/usn/USN-1981-1
- https://bugs.launchpad.net/hplip/+bug/809904
- https://bugzilla.novell.com/show_bug.cgi?id=704608
- https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=725830
FAQ
What is CVE-2011-2722?
CVE-2011-2722 is a vulnerability with a CVSS score of 1.2 (LOW). The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tm...
How severe is CVE-2011-2722?
CVE-2011-2722 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-2722?
Check the references section above for vendor advisories and patch information. Affected products include: HP Linux Imaging and Printing Project.