Executive Summary
Summary | |
---|---|
Title | hplip security update |
Informations | |||
---|---|---|---|
Name | DSA-2152 | First vendor Publication | 2011-01-27 |
Vendor | Debian | Last vendor Modification | 2011-01-27 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Sebastian Krahmer discovered a buffer overflow in the SNMP discovery code of the HP Linux Printing and Imaging System, which could result in the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 2.8.6.b-4+lenny1. For the testing distribution (squeeze), this problem has been fixed in version 3.10.6-2. For the unstable distribution (sid), this problem has been fixed in version 3.10.6-2. For the experimental distribution, this problem has been fixed in version 3.11.1-1. We recommend that you upgrade your hplip packages. |
Original Source
Url : http://www.debian.org/security/2011/dsa-2152 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12140 | |||
Oval ID: | oval:org.mitre.oval:def:12140 | ||
Title: | DSA-2152-1 hplip -- buffer overflow | ||
Description: | Sebastian Krahmer discovered a buffer overflow in the SNMP discovery code of the HP Linux Printing and Imaging System, which could result in the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2152-1 CVE-2010-4267 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | hplip |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13221 | |||
Oval ID: | oval:org.mitre.oval:def:13221 | ||
Title: | USN-1051-1 -- hplip vulnerability | ||
Description: | Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1051-1 CVE-2010-4267 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | hplip |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23302 | |||
Oval ID: | oval:org.mitre.oval:def:23302 | ||
Title: | ELSA-2011:0154: hplip security update (Moderate) | ||
Description: | Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0154-01 CVE-2010-4267 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | hplip hplip3 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for hpijs3 CESA-2011:0154 centos5 x86_64 File : nvt/gb_CESA-2011_0154_hpijs3_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for hpijs CESA-2011:0154 centos5 x86_64 File : nvt/gb_CESA-2011_0154_hpijs_centos5_x86_64.nasl |
2012-04-30 | Name : Gentoo Security Advisory GLSA 201203-17 (hplip) File : nvt/glsa_201203_17.nasl |
2011-09-12 | Name : Fedora Update for hplip FEDORA-2011-11199 File : nvt/gb_fedora_2011_11199_hplip_fc14.nasl |
2011-08-09 | Name : CentOS Update for hpijs3 CESA-2011:0154 centos5 i386 File : nvt/gb_CESA-2011_0154_hpijs3_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for hpijs CESA-2011:0154 centos5 i386 File : nvt/gb_CESA-2011_0154_hpijs_centos5_i386.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2152-1 (hplip) File : nvt/deb_2152_1.nasl |
2011-01-31 | Name : Fedora Update for hplip FEDORA-2011-0524 File : nvt/gb_fedora_2011_0524_hplip_fc14.nasl |
2011-01-31 | Name : Fedora Update for hplip FEDORA-2011-0525 File : nvt/gb_fedora_2011_0525_hplip_fc13.nasl |
2011-01-31 | Name : Ubuntu Update for hplip vulnerability USN-1051-1 File : nvt/gb_ubuntu_USN_1051_1.nasl |
2011-01-21 | Name : RedHat Update for hplip RHSA-2011:0154-01 File : nvt/gb_RHSA-2011_0154-01_hplip.nasl |
2011-01-21 | Name : Mandriva Update for hplip MDVSA-2011:013 (hplip) File : nvt/gb_mandriva_MDVSA_2011_013.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70498 | HP Linux Imaging and Printing (HPLIP) hpmud_get_pml() Function SNMP Response ... HP Linux Imaging and Printing is prone to an overflow condition. The 'hpmud_get_pml' function in 'io/hpmud/pml.c' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted SNMP response with a large length value, a remote attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_hplip-110117.nasl - Type : ACT_GATHER_INFO |
2013-08-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-233-01.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0154.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110117_hplip_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-17.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_hplip-110117.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0154.nasl - Type : ACT_GATHER_INFO |
2011-01-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2152.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-013.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0524.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0525.nasl - Type : ACT_GATHER_INFO |
2011-01-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1051-1.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_hplip-101222.nasl - Type : ACT_GATHER_INFO |
2011-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0154.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:29:50 |
|