CVE-2012-6108 — HP Linux Imaging AND Printing Project vulnerability

CWE-2646 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 82.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Linux Imaging AND Printing Project Debian Hplip

Timeline

PublishedFeb 15

Latest updateMay 17

Description

HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDhp/linux_imaging_and_printing_project3.13.1+26

▶debiandebian/hplip

🔴Vulnerability Details

GHSA

GHSA-m94g-3gxv-33gg: HP Linux Imaging and Printing (HPLIP) before 3↗2022-05-17

▶

📋Vendor Advisories

Red Hat

hplip: default permissions for /var/log/hp are too open↗2012-11-27

▶

Debian

CVE-2012-6108: hplip - HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissi...↗2012

▶

💬Community

Bugzilla

CVE-2012-6108 hplip: default permissions for /var/log/hp are too open↗2013-01-11

▶

Bugzilla

CVE-2012-2094 python-django-horizon: XSS vulnerability in Horizon log viewer [fedora-17]↗2012-04-17

▶