CVE-2013-0200
HP Linux Imaging and Printing Project < 3.12.4 - Arbitrary File Write via Symlink Attack on Temporary Files
Title source: llmDescription
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
References (8)
Core 8
Core References
Various Sources x_refsource_misc
http://hplipopensource.com/hplip-web/release_notes.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55083
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1981-1
Patch x_refsource_confirm
ftp://ftp.scientificlinux.org/linux/scientific/6x/SRPMS/vendor/hplip-3.12.4-4.el6.src.rpm
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=902163
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2829
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:088
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0072
Scores
EPSS
0.0008
EPSS Percentile
22.7%
Details
CWE
CWE-59
Status
published
Products (22)
hp/linux_imaging_and_printing_project
1.0
hp/linux_imaging_and_printing_project
2.0
hp/linux_imaging_and_printing_project
2.7.10
hp/linux_imaging_and_printing_project
3.9.2
hp/linux_imaging_and_printing_project
3.9.4
hp/linux_imaging_and_printing_project
3.9.4b
hp/linux_imaging_and_printing_project
3.9.6
hp/linux_imaging_and_printing_project
3.9.8
hp/linux_imaging_and_printing_project
3.9.10
hp/linux_imaging_and_printing_project
3.9.12
... and 12 more
Published
Mar 06, 2013
Tracked Since
Feb 18, 2026