Vulnerability Details : CVE-2011-2722
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
Products affected by CVE-2011-2722
- cpe:2.3:a:hp:linux_imaging_and_printing_project:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.4b:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.7:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.3a:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2722
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2722
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.2
|
LOW | AV:L/AC:H/Au:N/C:N/I:P/A:N |
1.9
|
2.9
|
NIST |
CWE ids for CVE-2011-2722
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2722
-
https://bugzilla.redhat.com/show_bug.cgi?id=725830
725830 – (CVE-2011-2722) CVE-2011-2722 hplip: insecure temporary file handling
-
http://www.openwall.com/lists/oss-security/2011/07/26/14
oss-security - Re: CVE request: hplip: insecure tmp file handling
-
http://hplipopensource.com/hplip-web/release_notes.html
hp's Developer Portal | HP Linux Imaging and PrintingPatch;Vendor Advisory
-
https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff
Attachment 515866 Details for Bug 725830 – hplip-CVE-2011-2722.patch
-
https://bugs.launchpad.net/hplip/+bug/809904
Bug #809904 “insecure tmp file handling in hpcupsfax.cpp” : Bugs : HPLIP
-
http://rhn.redhat.com/errata/RHSA-2013-0133.html
RHSA-2013:0133 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.novell.com/show_bug.cgi?id=704608
Bug 704608 – VUL-1: CVE-2011-2722: hplip: insecure tmp file handling in hpcupsfax.cpp -> potential read/write of arbitrary files
-
http://www.ubuntu.com/usn/USN-1981-1
USN-1981-1: HPLIP vulnerabilities | Ubuntu security notices
-
http://security.gentoo.org/glsa/glsa-201203-17.xml
HPLIP: Multiple vulnerabilities (GLSA 201203-17) — Gentoo security
Jump to