CVE Vulnerabilities

CVE-2011-2924

Improper Link Resolution Before File Access ('Link Following')

Published: Nov 19, 2019 | Modified: Aug 18, 2020

CVSS 3.x: 5.5 MEDIUM (Source: NVD)
  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x: 3.3 LOW
  AV:L/AC:M/Au:N/C:N/I:P/A:P
RedHat/V2: 1.9 LOW
  AV:L/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3: (no score listed)
Ubuntu: LOW

The foomatic-rip filter v4.0.12 and prior insecurely created temporary files for storing PostScript data when rendering the data with debug mode enabled. A local attacker could exploit this flaw to conduct symlink attacks, overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name              Vendor           Start Version  End Version
Foomatic-filters  Linuxfoundation  *              4.0.12 (including)
Foomatic-filters  Ubuntu           devel          *
Foomatic-filters  Ubuntu           hardy          *
Foomatic-filters  Ubuntu           lucid          *
Foomatic-filters  Ubuntu           maverick       *
Foomatic-filters  Ubuntu           natty          *
Foomatic-filters  Ubuntu           oneiric        *
Foomatic-filters  Ubuntu           precise        *
Foomatic-filters  Ubuntu           quantal        *
Foomatic-filters  Ubuntu           raring         *
Foomatic-filters  Ubuntu           saucy          *
Foomatic-filters  Ubuntu           trusty         *
Foomatic-filters  Ubuntu           utopic         *
Foomatic-filters  Ubuntu           vivid          *

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
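
The weakness class described above, shown as an added C illustration (not foomatic-rip's code and not part of this advisory): a predictable debug-file open next to a hardened one, with a check that a link already present at that name is refused. The function names and the `debug.ps` / `important` file names are hypothetical.

```c
/* Added illustration, not foomatic-rip source; file names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: a fixed, guessable name opened without O_EXCL. open() follows
 * a symlink already present at that name and O_TRUNC empties its target. */
int open_debug_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, including a symlink, already
 * exists at path; O_NOFOLLOW rejects a symlink as the final path component. */
int open_debug_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed check: in a private scratch directory, pre-create a symlink at
 * the debug-file name pointing to a 4-byte file, call the opener, and report
 * whether the target kept its contents (1), lost them (0), or setup failed (-1). */
int link_target_survives(int (*opener)(const char *))
{
    char dir[] = "/tmp/linkdemo.XXXXXX";
    char target[64], debug_path[64];
    struct stat st;
    FILE *f;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(debug_path, sizeof debug_path, "%s/debug.ps", dir);
    if (!(f = fopen(target, "w"))) return -1;
    fputs("keep", f);
    fclose(f);
    if (symlink(target, debug_path) != 0) return -1;

    int fd = opener(debug_path);
    if (fd != -1) close(fd);
    int intact = (stat(target, &st) == 0 && st.st_size == 4);

    unlink(debug_path);
    unlink(target);
    rmdir(dir);
    return intact;
}
```

`mkstemp()` gives the same exclusive-create guarantee and also picks an unpredictable name, so it is the usual choice when the file name does not need to be fixed.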
