OSVDB ID: 41693

Title: HP Linux Imaging and Printing (HPLIP) hpssd from Address Command Injection

Info

Disclosure

Oct 04, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

hplip contains a flaw that may allow an attacker to execute arbitrary code. The issue is triggered when sendmail is invoked to process an email with a malformed From address.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified

Solution

Upgrade to version 2.7.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Hewlett-Packard Development Company, L.P.

Linux Imaging and Printing Project

2.7.9

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/41693