Bug 894283 - (CVE-2012-6108) CVE-2012-6108 hplip: default permissions for /var/log/hp are too open
CVE-2012-6108 hplip: default permissions for /var/log/hp are too open
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
public=20121127,reported=20130114,sou...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-11 05:03 EST by Petr Sklenar
Modified: 2013-02-07 02:59 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-20 22:57:47 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1016507 None None None Never

  None (edit)
Comment 9 Huzaifa S. Sidhpurwala 2013-01-20 22:55:07 EST
It was found that /var/log/hp and /var/log/hp/tmp are both world-writeable in hplip 3.12.x. This flaw could be used to delete log files from the /var/log/hp directory. 

This flaw has been assigned CVE-2012-6108.

External Reference:

https://bugs.launchpad.net/hplip/+bug/1016507/comments/1
Comment 10 Huzaifa S. Sidhpurwala 2013-01-20 22:57:10 EST
Statement:

Not Vulnerable. This issue does not affect the version of hplip and hplip3 as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of hplip as shipped with Red Hat Enterprise Linux 6.
Comment 11 Huzaifa S. Sidhpurwala 2013-01-20 22:57:47 EST
This issue does not affect the version of hplip as shipped with Fedora 16, Fedora 17 and Fedora 18.

Note You need to log in before you can comment on or make changes to this bug.