OSVDB ID: 41693

Title: Hewlett-Packard Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection

Info

Disclosure

Oct 04, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

hplip contains a flaw that may allow an attacker to execute arbitrary code. The issue is triggered when sendmail is invoked to process an email with a malformed From address.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified

Solution

Upgrade to version 2.7.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Hewlett-Packard Development Company, L.P.

Linux Imaging and Printing Project

2.7.9

References

CVE ID: 2007-5208 (see also: NVD)
Secunia Advisory ID: 27202 27221 27224 27232 27271 27332 27397 28453
Metasploit ID: 41693
Generic Exploit URL: http://d2sec.com/products.htm
Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.gentoo.org/security/en/glsa/glsa-200710-26.xml
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:201
http://www.ubuntu.com/usn/usn-530-1
https://bugzilla.redhat.com/show_bug.cgi?id=319921
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00200.html
RedHat RHSA: RHSA-2007:0960

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/41693