CVE-2011-2923Link Following in Foomatic-filters

CWE-59Link FollowingCWE-377Insecure Temporary File6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 59.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Foomatic-filtersDebian LinuxDebian Foomatic-filters
Timeline
PublishedNov 19
Latest updateApr 22

Description

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5foomatic-filters/foomatic-filtersall versions

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-m9x3-4xc7-wxxp: foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode wa2022-04-22
OSV
CVE-2011-2923: foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode wa2019-11-19

📋Vendor Advisories

2
Red Hat
foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data2011-07-28
Debian
CVE-2011-2923: foomatic-filters - foomatic-rip filter, all versions, used insecurely creates temporary files for s...2011

💬Community

1
Bugzilla
CVE-2011-2923 CVE-2011-2924 foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data2011-07-28