CVE-2013-6402: Link Following in Hplip

Severity
2.1 LOW (NVD)
EPSS
0.1%
top 81.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 5
Latest update: May 17

Description

base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.

CVSS vector

AV:L/AC:L/C:N/I:P/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages: 2 packages

debian: debian/hplip < hplip 3.13.11-2.1 (bookworm)

🔴 Vulnerability Details

2
GHSA
GHSA-6q8g-8jp7-r627: base/pkit (2022-05-17)
OSV
CVE-2013-6402: base/pkit (2014-01-05)

📋 Vendor Advisories

3
Ubuntu
HPLIP vulnerabilities (2014-01-21)
Red Hat
hplip: insecure temporary file handling in pkit.py (2013-10-09)
Debian
CVE-2013-6402: hplip - base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows loc... (2013)

💬 Community

1
Bugzilla
CVE-2013-6402 hplip: insecure temporary file handling in pkit.py (2013-11-27)