CVE-2013-6427

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-6427 at MITRE

Description

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
CVSS v2 Scores
  National Vulnerability Database
Base Score 6.82
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

SUSE information

SUSE Bugzilla entries: 852368 [RESOLVED / FIXED], 853405 [RESOLVED / FIXED], 900460 [RESOLVED / ], 933191 [CONFIRMED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • hplip >= 3.12.11-2.9.2
  • hplip-debuginfo >= 3.12.11-2.9.2
  • hplip-debugsource >= 3.12.11-2.9.2
  • hplip-hpijs >= 3.12.11-2.9.2
  • hplip-hpijs-debuginfo >= 3.12.11-2.9.2
  • hplip-sane >= 3.12.11-2.9.2
  • hplip-sane-debuginfo >= 3.12.11-2.9.2
Patchnames:
openSUSE-2014-80
openSUSE 13.1
  • hplip >= 3.13.10-4.2
  • hplip-debuginfo >= 3.13.10-4.2
  • hplip-debugsource >= 3.13.10-4.2
  • hplip-hpijs >= 3.13.10-4.2
  • hplip-hpijs-debuginfo >= 3.13.10-4.2
  • hplip-sane >= 3.13.10-4.2
  • hplip-sane-debuginfo >= 3.13.10-4.2
Patchnames:
openSUSE-2014-80