Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в hplip
Опубликовано:9 января 2014 г.
Источник:
SecurityVulns ID:13508
Тип:библиотека
Уровень опасности:
5/10
Описание:Проблема cимвольных, выполнение кода, слабые разрешения.
Затронутые продукты:HP : hplip 3.13
CVE:CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.)
 CVE-2013-6402 (base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.)
 CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.)
 CVE-2013-0200 (HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2829-1] hplip security update (09.01.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород