CVE-2011-2722
First published: Tue Jul 26 2011(Updated: )
A temporary file handling flaw was reported [1] in prnt/hpijs/hpcupsfax.cpp, the hplip HP CUPS filter. Because a predicatable temporary filename is used (/tmp/hpcupsfax.out), an attacker could use a symlink attack to overwrite an arbitrary file with the privileges of the process running the HP CUPS fax filter. 422 FILE *fp; 423 fp = NULL; 424 if (iLogLevel & SAVE_PCL_FILE) 425 { 426 fp = fopen ("/tmp/hpcupsfax.out", "w"); 427 system ("chmod 666 /tmp/hpcupsfax.out"); 428 } 429 while ((i = read (fdFax, pTmp, iSize)) > 0) 430 { 431 write (STDOUT_FILENO, pTmp, i); 432 if (iLogLevel & SAVE_PCL_FILE && fp) 433 { 434 fwrite (pTmp, 1, i, fp); 435 } 436 } 437 free (pTmp); This flaw only exists in hplip 3.x and is not present in earlier versions of hplip. [1] <a href="https://bugzilla.novell.com/show_bug.cgi?id=704608">https://bugzilla.novell.com/show_bug.cgi?id=704608</a> Statement: This issue did not affect the versions of hplip as shipped with Red Hat Enterprise Linux 5. A future update in Red Hat Enterprise Linux 5 (for hplip3) and 6 may address this flaw.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Linux Imaging And Printing Project | =3.9.6 | |
| Hp Linux Imaging And Printing Project | =3.10.6 | |
| Hp Linux Imaging And Printing Project | =3.11.1 | |
| Hp Linux Imaging And Printing Project | =3.11.3a | |
| Hp Linux Imaging And Printing Project | =3.9.4b | |
| Hp Linux Imaging And Printing Project | =3.9.12 | |
| Hp Linux Imaging And Printing Project | =3.9.4 | |
| Hp Linux Imaging And Printing Project | =3.9.10 | |
| Hp Linux Imaging And Printing Project | =3.10.9 | |
| Hp Linux Imaging And Printing Project | =3.9.8 | |
| Hp Linux Imaging And Printing Project | =3.10.5 | |
| Hp Linux Imaging And Printing Project | =3.11.3 | |
| Hp Linux Imaging And Printing Project | =3.9.2 | |
| Hp Linux Imaging And Printing Project | =3.10.2 | |
| Hp Linux Imaging And Printing Project | <=3.11.5 | |
| Hp Linux Imaging And Printing Project | =3.11.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff
- http://www.openwall.com/lists/oss-security/2011/07/26/14
- https://bugs.launchpad.net/hplip/+bug/809904
- https://bugzilla.novell.com/show_bug.cgi?id=704608
- http://hplipopensource.com/hplip-web/release_notes.html
- https://bugzilla.redhat.com/show_bug.cgi?id=725830
- http://security.gentoo.org/glsa/glsa-201203-17.xml
- http://secunia.com/advisories/48441
- http://rhn.redhat.com/errata/RHSA-2013-0133.html
- http://secunia.com/advisories/55083
- http://www.ubuntu.com/usn/USN-1981-1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=725831
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515866&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=515866&action=edit
- https://rhn.redhat.com/errata/RHSA-2013-0133.html
- https://rhn.redhat.com/errata/RHSA-2013-0500.html
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2722
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/trending
- vendor/hp
- canonical/hp linux imaging and printing project
- version/hp linux imaging and printing project/3.9.6
- version/hp linux imaging and printing project/3.10.6
- version/hp linux imaging and printing project/3.11.1
- version/hp linux imaging and printing project/3.11.3a
- version/hp linux imaging and printing project/3.9.4b
- version/hp linux imaging and printing project/3.9.12
- version/hp linux imaging and printing project/3.9.4
- version/hp linux imaging and printing project/3.9.10
- version/hp linux imaging and printing project/3.10.9
- version/hp linux imaging and printing project/3.9.8
- version/hp linux imaging and printing project/3.10.5
- version/hp linux imaging and printing project/3.11.3
- version/hp linux imaging and printing project/3.9.2
- version/hp linux imaging and printing project/3.10.2
- version/hp linux imaging and printing project/3.11.5
- version/hp linux imaging and printing project/3.11.7