| VID |
29138 |
| Severity |
40 |
| Port |
2207 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The HPLIP hpssd daemon is vulnerable to a command execution vulnerability. Hewlett-Packard Linux Imaging and Printing Project (hplip) versions 1.x and 2.x prior to 2.7.10 could allow a remote attacker to execute arbitrary commands on the system, caused by input validation errors in the hpssd daemon. A remote attacker could execute arbitrary shell commands on the affected host with root privileges via shell metacharacters in a from address.
* References:
http://sourceforge.net/forum/forum.php?forum_id=746709
https://bugzilla.redhat.com/show_bug.cgi?id=319921
http://securitytracker.com/alerts/2007/Oct/1018806.html
http://www.frsirt.com/english/advisories/2007/3479
http://secunia.com/advisories/27202
* Platforms Affected:
HP, Linux Imaging and Printing System (HPLIP) version 2.7.9 and earlier versions
Linux Any version |
| Recommendation |
Upgrade to the latest version of HPLIP (2.7.10 or later), available from the HPLIP Web site at http://hplip.sourceforge.net/index.html |
| Related URL |
CVE-2007-5208 (CVE) |
| Related URL |
26054 (SecurityFocus) |
| Related URL |
37183 (ISS) |
|
