CVE-2011-2924

Sažetak

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Reference

https://lwn.net/Articles/459979/
https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1
https://security-tracker.debian.org/tracker/CVE-2011-2924
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924
https://access.redhat.com/security/cve/cve-2011-2924
https://www.openwall.com/lists/oss-security/2014/02/08/5/1

CVSS

Base:	3.3
Impact:	4.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:M/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

18-08-2020 - 15:05

Objavljeno

19-11-2019 - 22:15