foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Foomatic-filters | Linuxfoundation | * | * |
Foomatic-filters | Ubuntu | devel | * |
Foomatic-filters | Ubuntu | hardy | * |
Foomatic-filters | Ubuntu | lucid | * |
Foomatic-filters | Ubuntu | maverick | * |
Foomatic-filters | Ubuntu | natty | * |
Foomatic-filters | Ubuntu | oneiric | * |
Foomatic-filters | Ubuntu | precise | * |
Foomatic-filters | Ubuntu | quantal | * |
Foomatic-filters | Ubuntu | raring | * |
Foomatic-filters | Ubuntu | saucy | * |
Foomatic-filters | Ubuntu | trusty | * |
Foomatic-filters | Ubuntu | utopic | * |
Foomatic-filters | Ubuntu | vivid | * |