Red Hat Bugzilla – Bug 902163
CVE-2013-0200 hplip: insecure temporary file handling flaws
Last modified: 2014-09-08 03:09:58 EDT
Temporary file handling flaws were found in several places in hplip. Because a predicatable temporary filenames are used, an attacker could use a symlink attack to overwrite an arbitrary file with the privileges of the process running hplip.
This is a different flaw than CVE-2011-2722.
This issue was discovered by Tim Waugh of Red Hat.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0500 https://rhn.redhat.com/errata/RHSA-2013-0500.html
This issue does not affect the version of hplip and hplip3 as shipped with Red Hat Enterprise Linux 5. This issue has been addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0500.