CVE-2011-2924

Published: Nov 19, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Affected (6)

Products: Linuxfoundation: Foomatic Filters · Debian: Debian Linux · Fedoraproject: Fedora

Linuxfoundation

1 product

Foomatic Filters

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linuxfoundation Foomatic Filters	Up to 4.0.12

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 14
Fedoraproject Fedora	Version 15

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (12)

https://access.redhat.com/security/cve/cve-2011-2924

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1

Source: secalert@redhat.com

Release NotesThird Party Advisory

https://lwn.net/Articles/459979/

Source: secalert@redhat.com

Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-2924

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2014/02/08/5/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/security/cve/cve-2011-2924

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://lwn.net/Articles/459979/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-2924

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openwall.com/lists/oss-security/2014/02/08/5/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.