Vulnerability Details : CVE-2013-6402
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
Exploit prediction scoring system (EPSS) score for CVE-2013-6402
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6402
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2013-6402
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6402
-
http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html
openSUSE-SU-2014:0146-1: moderate: update for hplip
-
https://security-tracker.debian.org/tracker/CVE-2013-6402
CVE-2013-6402
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
#725876 - hplip: CVE-2013-6402: insecure temporary files handling in pkit.py - Debian Bug report logs
-
https://bugzilla.novell.com/show_bug.cgi?id=852368
Bug 852368 – VUL-0: CVE-2013-6402: hplip: arbitrary file creation/overwrite (via hardcoded file name /tmp/hp-pkservice.log)
-
http://www.ubuntu.com/usn/USN-2085-1
USN-2085-1: HPLIP vulnerabilities | Ubuntu security notices
-
http://www.debian.org/security/2013/dsa-2829
Debian -- Security Information -- DSA-2829-1 hplip
-
http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html
openSUSE-SU-2014:0127-1: moderate: update for hplip
Products affected by CVE-2013-6402
- cpe:2.3:a:hp:linux_imaging_and_printing_project:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.4b:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.7:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.3a:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.12:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.10:a:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.11:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.9:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.8:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.9:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.4:b:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.12:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.3:a:*:*:*:*:*:*