CVSS: 1.9EPSS: 0%CPEs: 16EXPL: 0CVE-2011-2722 – hplip: insecure temporary file handling
https://notcve.org/view.php?id=CVE-2011-2722
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. La función send_data_to_stdout en prnt/hpijs/hpcupsfax.cpp en HP Linux Imaging y Printing (HPLIP) v3.x anterior a v3.11.10 permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos sobre el fichero temporal /tmp/hpcupsfax.out • http://hplipopensource.com/hplip-web/release_notes.html http://rhn.redhat.com/errata/RHSA-2013-0133.html http://secunia.com/advisories/48441 http://secunia.com/advisories/55083 http://security.gentoo.org/glsa/glsa-201203-17.xml http://www.openwall.com/lists/oss-security/2011/07/26/14 http://www.ubuntu.com/usn/USN-1981-1 https://bugs.launchpad.net/hplip/+bug/809904 https://bugzilla.novell.com/show_bug.cgi?id=704608 https://bugzilla.redhat.com/attachment.cgi?id&# • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 7.5EPSS: 11%CPEs: 3EXPL: 0CVE-2010-4267 – hplip: remote stack overflow vulnerability
https://notcve.org/view.php?id=CVE-2010-4267
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. Desbordamiento de búfer basado en pila en la función hpmud_get_pml de io/hpmud/pml.c de Hewlett-Packard Linux Imaging and Printing (HPLIP) v1.6.7, v3.9.8, v3.10.9 y puede que otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) y probablemente ejecutar código de su elección mediante una respuesta SNMP manipulada con un valor de longitud largo. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://osvdb.org/70498 http://secunia.com/advisories/42939 http://secunia.com/advisories/42956 http://secunia.com/advisories/43022 http://secunia.com/advisories/43068 http://secunia. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •