Mandriva Linux Security Advisory : hplip (MDVSA-2014:023)

Medium Nessus Plugin ID 72135


The remote Mandriva Linux host is missing one or more security updates.


Updated hplip packages fix security vulnerabilities:

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files (CVE-2013-6402).

It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code (CVE-2013-6427).


Update the affected packages.

Plugin Details

Severity: Medium

ID: 72135

File Name: mandriva_MDVSA-2014-023.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2014/01/27

Modified: 2014/01/28

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:hplip, p-cpe:/a:mandriva:linux:hplip-doc, p-cpe:/a:mandriva:linux:hplip-hpijs, p-cpe:/a:mandriva:linux:hplip-hpijs-ppds, p-cpe:/a:mandriva:linux:hplip-model-data, p-cpe:/a:mandriva:linux:lib64hpip0, p-cpe:/a:mandriva:linux:lib64hpip0-devel, p-cpe:/a:mandriva:linux:lib64sane-hpaio1, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/01/24

Reference Information

CVE: CVE-2013-6402, CVE-2013-6427

BID: 63959, 64131

MDVSA: 2014:023