Executive Summary
| Summary | |
|---|---|
| Title | hplip security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2007:0960 | First vendor Publication | 2007-10-11 |
| Vendor | RedHat | Last vendor Modification | 2007-10-11 |
| Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.6 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: An updated hplip package to correct a security flaw is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64 3. Problem description: The hplip (Hewlett-Packard Linux Imaging and Printing Project) package provides drivers for HP printers and multi-function peripherals. Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user input. A local attacker could send a specially crafted request to the hpssd daemon, possibly allowing them to run arbitrary commands as the root user. (CVE-2007-5208). On Red Hat Enterprise Linux 5, the SELinux targeted policy for hpssd which is enabled by default, blocks the ability to exploit this issue to run arbitrary code. Users of hplip are advised to upgrade to this updated package, which contains backported patches to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 319921 - CVE-2007-5208 hplip arbitrary command execution |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2007-0960.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10692 | |||
| Oval ID: | oval:org.mitre.oval:def:10692 | ||
| Title: | hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail. | ||
| Description: | hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-5208 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17730 | |||
| Oval ID: | oval:org.mitre.oval:def:17730 | ||
| Title: | USN-530-1 -- hplip vulnerability | ||
| Description: | It was discovered that the hpssd tool of hplip did not correctly handle shell meta-characters. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-530-1 CVE-2007-5208 | Version: | 7 |
| Platform(s): | Ubuntu 6.10 Ubuntu 7.04 | Product(s): | hplip |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20308 | |||
| Oval ID: | oval:org.mitre.oval:def:20308 | ||
| Title: | DSA-1462-1 hplip - missing input sanitising | ||
| Description: | Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1462-1 CVE-2007-5208 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | hplip |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21722 | |||
| Oval ID: | oval:org.mitre.oval:def:21722 | ||
| Title: | ELSA-2007:0960: hplip security update (Important) | ||
| Description: | hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2007:0960-01 CVE-2007-5208 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | hplip |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8070 | |||
| Oval ID: | oval:org.mitre.oval:def:8070 | ||
| Title: | DSA-1462 hplip -- missing input sanitising | ||
| Description: | Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user. The old stable distribution (sarge) is not affected by this problem. For the stable distribution (etch), this problem has been fixed in version 1.6.10-3etch1. For the unstable distribution (sid), this problem has been fixed in version 1.6.10-4.3. We recommend that you upgrade your hplip packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1462 CVE-2007-5208 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | hplip |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-13 | Name : SLES10: Security update for hplip17 and hplip17-hpijs File : nvt/sles10_hplip17.nasl |
| 2009-04-09 | Name : Mandriva Update for hplip MDKSA-2007:201 (hplip) File : nvt/gb_mandriva_MDKSA_2007_201.nasl |
| 2009-03-23 | Name : Ubuntu Update for hplip vulnerability USN-530-1 File : nvt/gb_ubuntu_USN_530_1.nasl |
| 2009-02-27 | Name : Fedora Update for hplip FEDORA-2007-2527 File : nvt/gb_fedora_2007_2527_hplip_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for hplip FEDORA-2007-724 File : nvt/gb_fedora_2007_724_hplip_fc6.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-26 (hplip) File : nvt/glsa_200710_26.nasl |
| 2008-01-31 | Name : Debian Security Advisory DSA 1462-1 (hplip) File : nvt/deb_1462_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 41693 | Hewlett-Packard Linux Imaging and Printing Project (hplip) hpssd from Address... hplip contains a flaw that may allow an attacker to execute arbitrary code. The issue is triggered when sendmail is invoked to process an email with a malformed From address. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | HP Linux Imaging and Printing Project hpssd daemon command injection attempt RuleID : 26108 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | HP Linux Imaging and Printing Project hpssd daemon command injection attempt RuleID : 26107 - Revision : 4 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0960.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071011_hplip_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0960.nasl - Type : ACT_GATHER_INFO |
| 2008-01-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1462.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_hplip17-4507.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-530-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2527.nasl - Type : ACT_GATHER_INFO |
| 2007-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-26.nasl - Type : ACT_GATHER_INFO |
| 2007-10-25 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-201.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_hplip-4516.nasl - Type : ACT_GATHER_INFO |
| 2007-10-15 | Name : The remote service allows for arbitrary command execution. File : hpssd_from_address_cmd_exec.nasl - Type : ACT_ATTACK |
| 2007-10-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0960.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:51:05 |
|
