1
PublicDateAtUSN: 2013-03-06
2
Candidate: CVE-2013-0200
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200
6
https://usn.ubuntu.com/usn/usn-1981-1
8
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to
9
overwrite arbitrary files via a symlink attack on the (1)
10
/tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3)
11
/tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out
12
temporary file, a different vulnerability than CVE-2011-2722.
15
mdeslaur> possibly related bugs:
16
mdeslaur> https://bugzilla.redhat.com/show_bug.cgi?id=830630
17
mdeslaur> https://bugs.launchpad.net/hplip/+bug/1016507
19
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701185
21
Discovered-by: Tim Waugh
25
upstream_hplip: needs-triage
26
hardy_hplip: ignored (reached end-of-life)
27
lucid_hplip: released (3.10.2-2ubuntu2.4)
28
oneiric_hplip: ignored (reached end-of-life)
29
precise_hplip: released (3.12.2-1ubuntu3.3)
30
quantal_hplip: released (3.12.6-3ubuntu4.2)
31
raring_hplip: not-affected (3.13.3-1ubuntu0.1)
32
devel_hplip: not-affected (3.13.9-1)