SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   HPE Linux Imaging and Printing Project (hplip) Vendors:   hplip.sourceforge.net
(Red Hat Issues Fix) HP Linux Imaging and Printing Project (hplip) Lets Remote Users Inject Arbitrary Commands
SecurityTracker Alert ID:  1018808
SecurityTracker URL:  http://securitytracker.com/id/1018808
CVE Reference:   CVE-2007-5208   (Links to External Site)
Date:  Oct 11 2007
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.x, 2.x
Description:   A vulnerability was reported in HP Linux Imaging and Printing Project (hplip). A remote user can execute arbitrary code on the target system.

The system does not properly validate user-supplied input before passing the input to a popen function call. A remote or local user can send specially crafted data to the hpssd daemon to inject arbitrary commands. The commands will run with the privileges of the target service.

In some default configurations, the daemon only listens on the localhost interface. In other default configurations, the daemon may be remotely accessible.

Impact:   A remote user can execute arbitrary commands on the target system. The commands may run with root user privileges on some systems.
Solution:   Red Hat has released a fix.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2007-0960.html

Vendor URL:  hplip.sourceforge.net/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Oct 11 2007 HP Linux Imaging and Printing Project (hplip) Lets Remote Users Inject Arbitrary Commands



 Source Message Contents

Subject:  [RHSA-2007:0960-01] Important: hplip security update


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: hplip security update
Advisory ID:       RHSA-2007:0960-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0960.html
Issue date:        2007-10-11
Updated on:        2007-10-11
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5208 
- ---------------------------------------------------------------------

1. Summary:

An updated hplip package to correct a security flaw is now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64

3. Problem description:

The hplip (Hewlett-Packard Linux Imaging and Printing Project) package
provides drivers for HP printers and multi-function peripherals.

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user.
(CVE-2007-5208). On Red Hat Enterprise Linux 5, the SELinux targeted
policy for hpssd which is enabled by default, blocks the ability to exploit
this issue to run arbitrary code.

Users of hplip are advised to upgrade to this updated package, which
contains backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

319921 - CVE-2007-5208 hplip arbitrary command execution

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hplip-1.6.7-4.1.el5_0.3.src.rpm
c5f2b2ce887ac95075ba475d45baac01  hplip-1.6.7-4.1.el5_0.3.src.rpm

i386:
4be2c867b1246aeed68d0844596d787c  hpijs-1.6.7-4.1.el5_0.3.i386.rpm
7afd906783f52fe1fa197fc1f3856715  hplip-1.6.7-4.1.el5_0.3.i386.rpm
5742b8afde9f3b3cb0d55c2921ba2e9a  hplip-debuginfo-1.6.7-4.1.el5_0.3.i386.rpm
da6f95abff9164ef5bae0047158c15b0  libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm

x86_64:
747e4df638df0a43104e0836d229d079  hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm
a9eef76431a904c7bc8f306e133e496f  hplip-1.6.7-4.1.el5_0.3.x86_64.rpm
1bbd3357075d96b2ed3d6126a7714032  hplip-debuginfo-1.6.7-4.1.el5_0.3.x86_64.rpm
2b58cb4d8adf686133f691888887cbbf  libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hplip-1.6.7-4.1.el5_0.3.src.rpm
c5f2b2ce887ac95075ba475d45baac01  hplip-1.6.7-4.1.el5_0.3.src.rpm

i386:
4be2c867b1246aeed68d0844596d787c  hpijs-1.6.7-4.1.el5_0.3.i386.rpm
7afd906783f52fe1fa197fc1f3856715  hplip-1.6.7-4.1.el5_0.3.i386.rpm
5742b8afde9f3b3cb0d55c2921ba2e9a  hplip-debuginfo-1.6.7-4.1.el5_0.3.i386.rpm
da6f95abff9164ef5bae0047158c15b0  libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm

ia64:
7cf2ec0558c04de7ee684bb67315a752  hpijs-1.6.7-4.1.el5_0.3.ia64.rpm
f43e3af12f7377c05bf629b6a893ba1d  hplip-1.6.7-4.1.el5_0.3.ia64.rpm
93f88c75d678539ee3a1efdffee5b8eb  hplip-debuginfo-1.6.7-4.1.el5_0.3.ia64.rpm
d40d9655bbb0774cae895de6fd93c63e  libsane-hpaio-1.6.7-4.1.el5_0.3.ia64.rpm

ppc:
4ca6e4a9d3f6abf3d990af0eff16e602  hpijs-1.6.7-4.1.el5_0.3.ppc.rpm
a9793da0ce6476abccdb932bc28807c4  hplip-1.6.7-4.1.el5_0.3.ppc.rpm
b9d06b0bffd5a93252120da08a2691fc  hplip-debuginfo-1.6.7-4.1.el5_0.3.ppc.rpm
d4713ab787b5f3fa636a6a6dc2a27caf  libsane-hpaio-1.6.7-4.1.el5_0.3.ppc.rpm

x86_64:
747e4df638df0a43104e0836d229d079  hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm
a9eef76431a904c7bc8f306e133e496f  hplip-1.6.7-4.1.el5_0.3.x86_64.rpm
1bbd3357075d96b2ed3d6126a7714032  hplip-debuginfo-1.6.7-4.1.el5_0.3.x86_64.rpm
2b58cb4d8adf686133f691888887cbbf  libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHDmrcXlSAg2UNWIIRAv3gAJ9lilA7doBsplxy2WXbHIHSnYvc+gCgoRQF
m1qAthSbglekmykuzjq8t50=
=Q+AF
-----END PGP SIGNATURE-----



-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC