Bug 808355 - (CVE-2013-0200) VUL-1: CVE-2013-0200: hplip*: local file overwrite via /tmp files
(CVE-2013-0200)
VUL-1: CVE-2013-0200: hplip*: local file overwrite via /tmp files
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All SUSE Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:54850:moderate maint:r...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-08 15:33 UTC by Marcus Meissner
Modified: 2019-05-01 16:02 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-03-08 15:33:37 UTC
is public, via CVE db

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200

HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local
users to overwrite arbitrary files via a symlink attack on the (1)
/tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3)
/tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5)
/tmp/hpps_job#.out temporary file, a different vulnerability than
CVE-2011-2722.
Comment 1 Swamp Workflow Management 2013-03-08 23:00:24 UTC
bugbot adjusting priority
Comment 2 Johannes Meixner 2013-03-14 11:26:09 UTC
Security-team,
do you know if anyone from HPLIP upstream is involved in CVE-2013-0200?

Googling for "CVE-2013-0200 site:launchpad.net" finds something
for Debian and Ubuntu packages but as far as I see nothing that
directly belongs to HPLIP upstream.

If nobody from HPLIP upstream is already involved in CVE-2013-0200,
should I file an upstream security bug to have them at least informed?

Compare
https://bugzilla.novell.com/show_bug.cgi?id=336658#c38
and subsequent comments how things can go wrong
if upstream gets not involved right from the start.
There CVE-2010-4267 exists since Dec. 2010
but is still not fixed upstream...
Comment 3 Marcus Meissner 2013-03-14 16:24:52 UTC
I did some diffing and it seems that upstream hplip (a) knows about these issues and (b) fixed them between 3.12.11 and 3.13.2.
Comment 8 Swamp Workflow Management 2014-02-03 17:00:43 UTC
Update released for: hplip, hplip-debuginfo, hplip-debugsource, hplip-hpijs
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 9 Swamp Workflow Management 2014-02-03 20:04:21 UTC
SUSE-SU-2014:0188-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 808355,835827,836937,852368
CVE References: CVE-2013-0200,CVE-2013-4325,CVE-2013-6402
Sources used:
SUSE Linux Enterprise Server 11 SP2 for VMware (src):    hplip-3.11.10-0.6.11.1
SUSE Linux Enterprise Server 11 SP2 (src):    hplip-3.11.10-0.6.11.1
SUSE Linux Enterprise Desktop 11 SP2 (src):    hplip-3.11.10-0.6.11.1
Comment 10 Swamp Workflow Management 2014-02-06 20:04:28 UTC
SUSE-SU-2014:0188-2: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 808355,835827,836937,852368
CVE References: CVE-2013-0200,CVE-2013-4325,CVE-2013-6402
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    hplip-3.11.10-0.6.11.1
SUSE Linux Enterprise Server 11 SP3 (src):    hplip-3.11.10-0.6.11.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    hplip-3.11.10-0.6.11.1
Comment 11 Marcus Meissner 2014-02-13 15:28:56 UTC
done