CVE-2011-2924 - Improper Link Resolution Before File Access ('Link Following')

Severity

55%

Complexity

18%

Confidentiality

60%

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

CVSS 2.0 Base Score 3.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P).

Overview

First reported 5 years ago

2019-11-19 22:15:00

Last updated 5 years ago

2019-11-25 17:17:00

Affected Software

Debian Linux 8.0 (Jessie)

8.0

Debian Linux 9.0

9.0

Debian Linux 10

10

Fedora 14

14

Fedora 15

15

References

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2011-2924 - Improper Link Resolution Before File Access ('Link Following')

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 5 years ago

Last updated 5 years ago

Affected Software

Debian Linux 8.0 (Jessie)

Debian Linux 9.0

Debian Linux 10

Fedora 14

Fedora 15

References

https://access.redhat.com/security/cve/cve-2011-2924

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924

https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1

https://lwn.net/Articles/459979/

https://security-tracker.debian.org/tracker/CVE-2011-2924

https://www.openwall.com/lists/oss-security/2014/02/08/5/1

Stay updated

Get in touch