HP Linux Imaging and Printing Project (hplip) Bug in hpssd Message Parser Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1020683
|
|
SecurityTracker URL: http://securitytracker.com/id?1020683
|
|
CVE Reference: CVE-2008-2941
(Links to External Site)
|
Date: Aug 12 2008
|
Impact: Denial of service via local system
|
Description: A vulnerability was reported in HP Linux Imaging and Printing Project (hplip). A local user can cause denial of service conditions.
A local user can send specially crafted packets to the hpssd message parser to cause the hpssd process to crash.
The vulnerability resides in 'hpssd.py'.
A demonstration exploit is provided:
msg=0
|
Impact: A local user can cause the hpssd process to crash.
|
Solution: No solution was available at the time of this entry.
[Editor's note: It is unclear if the current upstream version is affected.]
|
Vendor URL: hplip.sourceforge.net/ (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 12 Aug 2008 17:27:12 -0400
Subject: hplip
|
A flaw was discovered in the hpssd message parser. By sending
specially-crafted packets, a local attacker could cause a denial of
service, stopping the hpssd process. (CVE-2008-2941)
|
|
