Ubuntu Update For Hplip USN-2085-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. (CVE-2013-6402) It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code. (CVE-2013-6427)

Affected

hplip on Ubuntu 13.10 , Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-January/002376.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6402, CVE-2013-6427
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for apparmor USN-1430-4
Ubuntu Update for dbus vulnerabilities USN-653-1
Ubuntu Update for bind9 USN-1163-1
Ubuntu Update for bogofilter vulnerability USN-980-1
Ubuntu Update for cups USN-2144-1

Ubuntu Update for hplip USN-2085-1

Take action and discover your vulnerabilities