GLSA-201203-17

Executive Summary

Summary
Title	HPLIP: Multiple vulnerabilities

Informations
Name	GLSA-201203-17	First vendor Publication	2012-03-16
Vendor	Gentoo	Last vendor Modification	2012-03-16
Severity (Vendor)	High	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in HPLIP, the worst of which may allow execution of arbitrary code.

Background

The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides drivers for HP's inkjet and laser printers, scanners and fax machines.

Description

Two vulnerabilities have been found in HPLIP:

* The "hpmud_get_pml()" function in pml.c contains a boundary error which could cause a stack-based buffer overflow (CVE-2010-4267).
* The "send_data_to_stdout()" function in hpcupsfax.cpp creates insecure temporary files (CVE-2011-2722).

Impact

A remote attacker might send specially crafted SNMP reponses, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a local attacker could perform symlink attacks to overwrite arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All HPLIP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/hplip-3.11.10"

References

[ 1 ] CVE-2010-4267 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4267
[ 2 ] CVE-2011-2722 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2722

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-17.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201203-17.xml

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-59	Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Hp Linux Imaging And Printing Project cpe:/a:hp:linux_imaging_and_printing_project:3.9.8 cpe:/a:hp:linux_imaging_and_printing_project:3.9.6 cpe:/a:hp:linux_imaging_and_printing_project:3.9.4b cpe:/a:hp:linux_imaging_and_printing_project:3.9.4 cpe:/a:hp:linux_imaging_and_printing_project:3.9.2 cpe:/a:hp:linux_imaging_and_printing_project:3.9.12 cpe:/a:hp:linux_imaging_and_printing_project:3.9.10 cpe:/a:hp:linux_imaging_and_printing_project:3.11.7 cpe:/a:hp:linux_imaging_and_printing_project:3.11.5 cpe:/a:hp:linux_imaging_and_printing_project:3.11.3a cpe:/a:hp:linux_imaging_and_printing_project:3.11.3 cpe:/a:hp:linux_imaging_and_printing_project:3.11.1 cpe:/a:hp:linux_imaging_and_printing_project:3.10.9 cpe:/a:hp:linux_imaging_and_printing_project:3.10.6 cpe:/a:hp:linux_imaging_and_printing_project:3.10.5 cpe:/a:hp:linux_imaging_and_printing_project:3.10.2 cpe:/a:hp:linux_imaging_and_printing_project:1.6.7	17

Open Source Vulnerability Database (OSVDB)

id	Description
76797	HP Linux Imaging and Printing (HPLIP) prnt/hpijs/hpcupsfax.cpp send_data_to_s...
70498	HP Linux Imaging and Printing (HPLIP) hpmud_get_pml() Function SNMP Response ...