CVE-2013-6402
Published 2014-01-05
Priority: P4 · 10 · low · 2.1 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
EPSS: 0.49% (38.2th percentile)
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
Affected
35 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hplip | < hplip 3.13.11-2.1 (bookworm) | hplip 3.13.11-2.1 (bookworm) |
| hp | linux_imaging_and_printing_project | <= 3.13.11 | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
CVSS provenance
nvd · v2.0 · 2.1 · LOW · AV:L/AC:L/Au:N/C:N/I:P/A:N
osv · 2.1 · LOW
vendor_debian · 2.1 · LOW
vendor_redhat · 2.1 · LOW
vendor_ubuntu · 2.1 · LOW
Ubuntu
HPLIP vulnerabilities
vendor_ubuntu · 2014-01-21 · CVSS 2.1
CVE-2013-6402 [LOW] HPLIP vulnerabilities
Title: HPLIP vulnerabilities
Summary: Several security issues were fixed in HPLIP.
It was discovered that the HPLIP Polkit daemon incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS
and higher, this should be prevented by the Yama link restrictions.
(CVE-2013-6402)
It was discovered that HPLIP contained an upgrade tool that would download
code in an unsafe fashion. If a remote attacker were able to perform a
machine-in-the-middle attack, this flaw could be exploited to execute arbitrary
code. (CVE-2013-6427)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
hplip: insecure temporary file handling in pkit.py
vendor_redhat · 2013-10-09 · CVSS 2.1
CVE-2013-6402 [LOW] CWE-377 hplip: insecure temporary file handling in pkit.py
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
Statement: Not Vulnerable. This issue does not affect the version of hplip as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of hplip3 as shipped with Red Hat Enterprise Linux 5.
Package: hplip (Red Hat Enterprise Linux 5) - Not affected
Package: hplip (Red Hat Enterprise Linux 6) - Not affected
Package: hplip (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-6402: hplip - base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows loc...
vendor_debian · 2013 · CVSS 2.1
CVE-2013-6402 [LOW] CVE-2013-6402: hplip - base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows loc...
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
Scope: local
bookworm: resolved (fixed in 3.13.11-2.1)
bullseye: resolved (fixed in 3.13.11-2.1)
sid: resolved (fixed in 3.13.11-2.1)
trixie: resolved (fixed in 3.13.11-2.1)
GHSA
GHSA-6q8g-8jp7-r627: base/pkit
ghsa_unreviewed · 2022-05-17
CVE-2013-6402 [LOW] CWE-59 GHSA-6q8g-8jp7-r627: base/pkit
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
OSV
CVE-2013-6402: base/pkit
osv · 2014-01-05 · CVSS 2.1
CVE-2013-6402 [LOW] CVE-2013-6402: base/pkit
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html
http://www.debian.org/security/2013/dsa-2829
http://www.ubuntu.com/usn/USN-2085-1
https://bugzilla.novell.com/show_bug.cgi?id=852368
https://security-tracker.debian.org/tracker/CVE-2013-6402