CVE-2011-2924 — MEDIUM (5.5)

Q: How severe is CVE-2011-2924?

CVE-2011-2924 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-2924?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Foomatic-Filters, Debian Debian Linux, Fedoraproject Fedora.

Vulnerability Description

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Linuxfoundation	Foomatic-Filters	<= 4.0.12
Debian	Debian Linux	8.0
Fedoraproject	Fedora	14

Related Weaknesses (CWE)

CWE-59

References

https://access.redhat.com/security/cve/cve-2011-2924Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924Issue TrackingThird Party Advisory
https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1Release NotesThird Party Advisory
https://lwn.net/Articles/459979/Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-2924Third Party Advisory
https://www.openwall.com/lists/oss-security/2014/02/08/5/1Mailing ListThird Party Advisory
https://access.redhat.com/security/cve/cve-2011-2924Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924Issue TrackingThird Party Advisory
https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1Release NotesThird Party Advisory
https://lwn.net/Articles/459979/Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-2924Third Party Advisory
https://www.openwall.com/lists/oss-security/2014/02/08/5/1Mailing ListThird Party Advisory

FAQ

What is CVE-2011-2924?

CVE-2011-2924 is a vulnerability with a CVSS score of 5.5 (MEDIUM). foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a loca...

How severe is CVE-2011-2924?

CVE-2011-2924 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2924?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Foomatic-Filters, Debian Debian Linux, Fedoraproject Fedora.