Red Hat Customer Portal

Skip to main content

CVE-2011-2722

The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.

Details Source

Mitre

Public Date

2011-07-13 00:00:00

Impact

Low

Bugzilla

CVE-2011-2722 hplip: insecure temporary file handling

Bugzilla ID

725 830

CVSS Status

verified

Base Score

1.90

Base Metrics

AV:L/AC:M/Au:N/C:N/I:P/A:N

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (hplip) RHSA-2013:0500 2013-02-20
Red Hat Enterprise Linux 5 (hplip3) RHSA-2013:0133 2013-01-08

CWE

CWE-377

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 hplip Not affected