CVE-2013-6402 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	2.1 UNKNOWN	LOCAL	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Vendor	Product	Version
hp	linux_imaging_and_printing_project	𝑥 ≤ 3.13.11
hp	linux_imaging_and_printing_project	3.9.2
hp	linux_imaging_and_printing_project	3.9.4
hp	linux_imaging_and_printing_project	3.9.4:b
hp	linux_imaging_and_printing_project	3.9.4b:b
hp	linux_imaging_and_printing_project	3.9.6
hp	linux_imaging_and_printing_project	3.9.8
hp	linux_imaging_and_printing_project	3.9.10
hp	linux_imaging_and_printing_project	3.9.12
hp	linux_imaging_and_printing_project	3.10.2
hp	linux_imaging_and_printing_project	3.10.5
hp	linux_imaging_and_printing_project	3.10.6
hp	linux_imaging_and_printing_project	3.10.9
hp	linux_imaging_and_printing_project	3.11.1
hp	linux_imaging_and_printing_project	3.11.3
hp	linux_imaging_and_printing_project	3.11.3:a
hp	linux_imaging_and_printing_project	3.11.3a:a
hp	linux_imaging_and_printing_project	3.11.5
hp	linux_imaging_and_printing_project	3.11.7
hp	linux_imaging_and_printing_project	3.11.10
hp	linux_imaging_and_printing_project	3.11.12
hp	linux_imaging_and_printing_project	3.12.2
hp	linux_imaging_and_printing_project	3.12.4
hp	linux_imaging_and_printing_project	3.12.6
hp	linux_imaging_and_printing_project	3.12.9
hp	linux_imaging_and_printing_project	3.12.10
hp	linux_imaging_and_printing_project	3.12.10:a
hp	linux_imaging_and_printing_project	3.12.11
hp	linux_imaging_and_printing_project	3.13.2
hp	linux_imaging_and_printing_project	3.13.3
hp	linux_imaging_and_printing_project	3.13.4
hp	linux_imaging_and_printing_project	3.13.5
hp	linux_imaging_and_printing_project	3.13.6
hp	linux_imaging_and_printing_project	3.13.7
hp	linux_imaging_and_printing_project	3.13.8
hp	linux_imaging_and_printing_project	3.13.9
hp	linux_imaging_and_printing_project	3.13.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

hplip

bullseye	3.21.2+dfsg1-2 fixed
bookworm	3.22.10+dfsg0-2 fixed
sid	3.22.10+dfsg0-5.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

hplip

saucy	Fixed 3.13.9-1ubuntu0.1 released
raring	ignored
quantal	Fixed 3.12.6-3ubuntu4.3 released
precise	Fixed 3.12.2-1ubuntu3.4 released
lucid	Fixed 3.10.2-2ubuntu2.5 released

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876

http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html

http://www.debian.org/security/2013/dsa-2829

http://www.ubuntu.com/usn/USN-2085-1

https://bugzilla.novell.com/show_bug.cgi?id=852368

https://security-tracker.debian.org/tracker/CVE-2013-6402

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876

http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html

http://www.debian.org/security/2013/dsa-2829

http://www.ubuntu.com/usn/USN-2085-1

https://bugzilla.novell.com/show_bug.cgi?id=852368

https://security-tracker.debian.org/tracker/CVE-2013-6402