A temporary file handling flaw was found in hplip/pkit.py. Because a predictable temporary filename is used, an attacker could use a symlink attack to overwrite an arbitrary file with the privileges of the process running hplip. This is a different flaw than CVE-2013-0200.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
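The bug class described in the report above, shown as an added example that is not part of the original report and is not hplip's code: a write to a fixed name follows a link already present at that name, while exclusive creation or `tempfile.mkstemp` does not. The file names (`service.log`, `important.conf`) and function names are constructed for illustration, and everything runs inside a private scratch directory.

```python
import os
import tempfile

def unsafe_write(path, data):
    # Predictable-name pattern: open(..., "w") follows a symlink found at `path`.
    with open(path, "w") as fh:
        fh.write(data)

def safe_write(path, data):
    # O_EXCL fails if anything, including a symlink, already exists at `path`;
    # O_NOFOLLOW also refuses a symlink as the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def safe_temp_write(directory, data):
    # Preferred fix: mkstemp picks an unpredictable name and creates it exclusively.
    fd, name = tempfile.mkstemp(prefix="svc-", suffix=".log", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return name

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        target = os.path.join(sandbox, "important.conf")  # constructed victim file
        fixed = os.path.join(sandbox, "service.log")      # constructed fixed name
        with open(target, "w") as fh:
            fh.write("original")
        os.symlink(target, fixed)  # link already present before the service writes

        try:
            safe_write(fixed, "log line")
            results["safe_refused"] = False
        except FileExistsError:
            results["safe_refused"] = True
        results["after_safe"] = read(target)

        name = safe_temp_write(sandbox, "log line")
        results["mkstemp_is_regular"] = not os.path.islink(name)
        results["mkstemp_other_bits"] = os.stat(name).st_mode & 0o077

        unsafe_write(fixed, "log line")
        results["after_unsafe"] = read(target)
    return results
```

`demo()` reports that the linked file is unchanged after the exclusive-create attempt and overwritten after the fixed-name write.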
Created hplip tracking bugs for this issue:

Affects: fedora-all [bug 1035244]
This issue has been assigned CVE-2013-6402 as per:
http://seclists.org/oss-sec/2013/q4/358
Quoting from https://bugzilla.redhat.com/show_bug.cgi?id=1035244#c2

The affected code, which implements the BackendServer class, is shipped (base/pkit.py). However, it only does so if the "policy-kit" configuration variable is set to yes -- and that is not the default for Red Hat Enterprise Linux.

Additionally, even if the configuration is changed, the BackendServer class is only instantiated in the pkservice.py module -- and this is explicitly *not* shipped.

Statement:

Not Vulnerable. This issue does not affect the version of hplip as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of hplip3 as shipped with Red Hat Enterprise Linux 5.