REDHAT-BUG-319921: Command Injection
First published: Fri Oct 05 2007(Updated: )
Kees Cook of the Ubuntu Security Team has informed us of following security vulnerability in hplip: I just discovered that the hpssd daemon of hplip is vulnerable to arbitrary command injection via its use of popen3. Other local users can run commands as the invoker of hpssd (usually root, hplip, or a local user). By default, it only listens on localhost, but this is configurable via /etc/hp/hplip.conf, so in the worst-case it is possible this could allow remote root command execution. Both 2.x and 1.x series appear vulnerable (but not 0.x which used SMTP). The bug for this is: <a href="https://launchpad.net/bugs/149121">https://launchpad.net/bugs/149121</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hewlett-Packard HPLIP | >=1.x<3.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://launchpad.net/bugs/149121
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=217201&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=217201&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=319921#c3
- https://rhn.redhat.com/errata/RHSA-2007-0960.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00217.html
- https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2527
- https://bugzilla.redhat.com/show_bug.cgi?id=319921
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2007-5208
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hewlett-packard hplip