Executive Summary

Informations
NameCVE-2011-2722First vendor Publication2012-05-25
VendorCveLast vendor Modification2013-02-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score1.2Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score1.9AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2722

CWE : Common Weakness Enumeration

idName
CWE-59Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application16

Open Source Vulnerability Database (OSVDB)

idDescription
76797HP Linux Imaging and Printing (HPLIP) prnt/hpijs/hpcupsfax.cpp send_data_to_s...

Internal Sources (Detail)

SourceUrl
CONFIRMhttp://hplipopensource.com/hplip-web/release_notes.html
https://bugs.launchpad.net/hplip/+bug/809904
https://bugzilla.novell.com/show_bug.cgi?id=704608
https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=725830
GENTOOhttp://security.gentoo.org/glsa/glsa-201203-17.xml
MLISThttp://www.openwall.com/lists/oss-security/2011/07/26/14
REDHAThttp://rhn.redhat.com/errata/RHSA-2013-0133.html
SECUNIAhttp://secunia.com/advisories/48441

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2013-05-10 23:03:42
  • Multiple Updates
2013-02-07 13:19:50
  • Multiple Updates