HP JetAdmin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered when calling the "ExecuteFile" function, which may allow a remote attacker to execute arbitrary commands on the target system with root or SYSTEM level privileges resulting in a loss of integrity.

Upgrade to version 7.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1009960
• Bugtraq ID: 10224
• Secunia Advisory ID: 11536
• ISS X-Force ID: 15989
• Milw0rm: 294
• Exploit Database: 294
• Related OSVDB ID: 5790 5791 5792 5793 5794 5795 5796 5797
• CERT VU: 606673
• Keyword: HPSBPI01026 SSRT2397
• Vendor Specific Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-04/0359.html
• Vendor URL: http://www.hp.com/
• Generic Exploit URL: http://www.phenoelit.de/hp/JetRoot_pl.txt
• Other Advisory URL: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt

• FX - fxphenoelit.de - Phenoelit Group

NVD does not currently have a CVSSv2 score assigned.