Vulnerability Details : CVE-2011-2697
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
Vulnerability category: Input validationExecute code
Products affected by CVE-2011-2697
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2697
4.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2697
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-2697
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2697
-
https://bugzilla.redhat.com/show_bug.cgi?id=721001
721001 – (CVE-2011-2697) CVE-2011-2697 foomatic: Improper sanitization of command line option in foomatic-ripExploit;Patch
-
http://www.openwall.com/lists/oss-security/2011/07/28/1
oss-security - Re: CVE Request: hplip/foomatic-filtersExploit;Patch
-
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/68993
HP Linux Imaging and Printing foomatic-rip-hplip code execution CVE-2011-2697 Vulnerability Report
-
http://www.ubuntu.com/usn/USN-1194-1
USN-1194-1: Foomatic filters vulnerabilities | Ubuntu security notices
-
http://security.gentoo.org/glsa/glsa-201203-07.xml
foomatic-filters: User-assisted execution of arbitrary code (GLSA 201203-07) — Gentoo security
-
http://www.openwall.com/lists/oss-security/2011/07/18/3
oss-security - Re: CVE Request: hplip/foomatic-filtersExploit;Patch
-
http://www.openwall.com/lists/oss-security/2011/07/13/3
oss-security - CVE Request: hplip/foomatic-filtersExploit;Patch
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:125
mandriva.com
-
https://bugzilla.novell.com/show_bug.cgi?id=698451
Bug 698451 – VUL-0: CVE-2011-2697: foomatic-filters and hplip: arbitrary remote code execution as user lp via foomatic-rip and foomatic-rip-hplipExploit;Patch
Jump to