foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/cve-2011-2924 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924 | Issue Tracking Third Party Advisory |
https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1 | Release Notes Third Party Advisory |
https://lwn.net/Articles/459979/ | Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2011-2924 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2014/02/08/5/1 | Mailing List Third Party Advisory |
https://access.redhat.com/security/cve/cve-2011-2924 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924 | Issue Tracking Third Party Advisory |
https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1 | Release Notes Third Party Advisory |
https://lwn.net/Articles/459979/ | Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2011-2924 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2014/02/08/5/1 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/cve-2011-2924 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924 - Issue Tracking, Third Party Advisory | |
References | () https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1 - Release Notes, Third Party Advisory | |
References | () https://lwn.net/Articles/459979/ - Third Party Advisory | |
References | () https://security-tracker.debian.org/tracker/CVE-2011-2924 - Third Party Advisory | |
References | () https://www.openwall.com/lists/oss-security/2014/02/08/5/1 - Mailing List, Third Party Advisory |
Information
Published : 2019-11-19 22:15
Updated : 2024-11-21 01:29
NVD link : CVE-2011-2924
Mitre link : CVE-2011-2924
CVE.ORG link : CVE-2011-2924
JSON object : View
Products Affected
debian
- debian_linux
linuxfoundation
- foomatic-filters
fedoraproject
- fedora
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')