CVE-2013-0200
Published 2013-03-06
Priority: P4 · 11 · low · 1.9 · CVSS 2.0
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.38% (29.8th percentile)
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
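The flaw class described above, shown as an added example (not HPLIP code and not the vendor's patch): a fixed-name open that follows a pre-existing symlink, next to an exclusive-create open that refuses it. The sandbox directory, the `victim` file, and all function names are constructed for illustration; only the `hpcups_job#.out` naming pattern comes from the advisory.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: fixed name, open() follows a planted symlink. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes open() fail (EEXIST) if anything, including a
 * symlink, already sits at the path, so a pre-planted link is never followed. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Builds a private sandbox, plants a link at the job-file name pointing at a
 * 6-byte "victim" file, opens the job file, and returns the victim's size
 * afterwards (-1 on setup failure). All names here are constructed. */
long victim_size_after(int hardened) {
    char dir[] = "/tmp/hplip_demo_XXXXXX", victim[64], job[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(job, sizeof job, "%s/hpcups_job1.out", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v >= 0 && write(v, "secret", 6) == 6 && symlink(victim, job) == 0) {
        int fd = hardened ? open_exclusive(job) : open_predictable(job);
        if (fd >= 0) close(fd);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    if (v >= 0) close(v);
    unlink(job); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("predictable open: victim is %ld bytes\n", victim_size_after(0));
    printf("exclusive open:   victim is %ld bytes\n", victim_size_after(1));
    return 0;
}
```

Where the file name does not need to be known in advance, `mkstemp()` gives the same exclusive-create behaviour with an unpredictable name.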
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hplip | < hplip 3.12.6-3.1 (bookworm) | hplip 3.12.6-3.1 (bookworm) |
| hp | linux_imaging_and_printing_project | <= 3.12.4 | — |
| hp | linux_imaging_and_printing_project | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd·v2.0·1.9·LOW·AV:L/AC:M/Au:N/C:N/I:P/A:N
osv·1.2·LOW
vendor_debian·1.2·LOW
vendor_redhat·1.2·LOW
vendor_ubuntu·1.2·LOW
Ubuntu
HPLIP vulnerabilities
vendor_ubuntu·2013-09-30·CVSS 1.2
CVE-2011-2722 [LOW] HPLIP vulnerabilities
Title: HPLIP vulnerabilities
Summary: HPLIP could be made to overwrite files.
It was discovered that HPLIP incorrectly handled temporary files when using
the fax capabilities. A local attacker could possibly use this issue to
overwrite arbitrary files. This issue only applied to Ubuntu 10.04 LTS.
(CVE-2011-2722)
Tim Waugh discovered that HPLIP incorrectly handled temporary files when
printing. A local attacker could possibly use this issue to overwrite
arbitrary files. In the default installation of Ubuntu 12.04 LTS and Ubuntu
12.10, this should be prevented by the Yama link restrictions.
(CVE-2013-0200)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
hplip: insecure temporary file handling flaws
vendor_redhat·2013-02-21·CVSS 1.2
CVE-2013-0200 [LOW] CWE-377 hplip: insecure temporary file handling flaws
Statement: This issue does not affect the version of hplip and hplip3 as shipped with Red Hat Enterprise Linux 5. This issue has been addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0500.
Package: hplip (Red Hat Enterprise Linux 5) - Not affected
Package: hplip3 (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2013-0200: hplip - HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overw...
vendor_debian·2013·CVSS 1.2
CVE-2013-0200 [LOW] CVE-2013-0200: hplip - HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overw...
Scope: local
bookworm: resolved (fixed in 3.12.6-3.1)
bullseye: resolved (fixed in 3.12.6-3.1)
sid: resolved (fixed in 3.12.6-3.1)
trixie: resolved (fixed in 3.12.6-3.1)
GHSA
GHSA-3xc3-235x-7q23: HP Linux Imaging and Printing (HPLIP) through 3
ghsa_unreviewed·2022-05-17·CVSS 1.2
CVE-2013-0200 [LOW] CWE-59 GHSA-3xc3-235x-7q23: HP Linux Imaging and Printing (HPLIP) through 3
OSV
CVE-2013-0200: HP Linux Imaging and Printing (HPLIP) through 3
osv·2013-03-06·CVSS 1.2
CVE-2013-0200 [LOW] CVE-2013-0200: HP Linux Imaging and Printing (HPLIP) through 3
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-6402 hplip: insecure temporary file handling in pkit.py
bugzilla·2013-11-27·CVSS 1.9
CVE-2013-6402 [LOW] CVE-2013-6402 hplip: insecure temporary file handling in pkit.py
A temporary file handling flaw was found in hplip/pkit.py. Because a predictable temporary filename is used, an attacker could use a symlink attack to overwrite an arbitrary file with the privileges of the process running hplip.
This is a different flaw than CVE-2013-0200.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
Discussion:
Created hplip tracking bugs for this issue:
Affects: fedora-all [bug 1035244]
---
This issue has been assigned CVE-2013-6402 as per:
http://seclists.org/oss-sec/2013/q4/358
---
Quoting from https://bugzilla.redhat.com/show_bug.cgi?id=1035244#c2
The affected code, which implements the BackendServer class, is shipped (base/pkit.py). However, it only does so if the "pol
Bugzilla
CVE-2013-2113 Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment
bugzilla·2013-05-24·CVSS 6.0
CVE-2013-2113 [MEDIUM] CVE-2013-2113 Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment
Ramon de C Valle ([email protected]) reports:
There is a mass assignment vulnerability in the create method of the
UsersController controller.
The create method in app/controllers/users_controller.rb deletes the
user-controlled user[admin] parameter from the params hash but saves it to a
local variable and assigns it to the newly created user object bypassing the
:attr_protected mechanism.
def create
  admin = params[:user].delete :admin
  @user = User.new(params[:user]){|u| u.admin = admin }
  if @user.save
    @user.roles
Date: Thu Jun 6 11:25:17 2013 +0200
fixes #2630 - restrict assignment of roles to those a user has (CVE-2013-2113)
And cherry-picked to stable branches:
1.2-stab
Bugzilla
CVE-2013-0200 hplip: insecure temporary file handling flaws
bugzilla·2013-01-21·CVSS 1.2
CVE-2013-0200 [LOW] CVE-2013-0200 hplip: insecure temporary file handling flaws
Temporary file handling flaws were found in several places in hplip. Because predictable temporary filenames are used, an attacker could use a symlink attack to overwrite an arbitrary file with the privileges of the process running hplip.
This is a different flaw than CVE-2011-2722.
Discussion:
Acknowledgements:
This issue was discovered by Tim Waugh of Red Hat.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0500 https://rhn.redhat.com/errata/RHSA-2013-0500.html
---
Statement:
This issue does not affect the version of hplip and hplip3 as shipped with Red Hat Enterprise Linux 5. This issue has been addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0500.
References:
ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm
http://hplipopensource.com/hplip-web/release_notes.html
http://secunia.com/advisories/55083
http://www.debian.org/security/2013/dsa-2829
http://www.mandriva.com/security/advisories?name=MDVSA-2013:088
http://www.ubuntu.com/usn/USN-1981-1
https://bugzilla.redhat.com/show_bug.cgi?id=902163
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072