HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote service allows for arbitrary command execution.

Description :

The version of the HP Linux Imaging and Printing System hpssd daemon
on the remote host fails to sanitize user-supplied input before
appending it to a commandline when calling sendmail. Using a
specially crafted email address, an unauthenticated, remote attacker
can leverage this issue to execute arbitrary shell commands on the
remote host subject to the permissions under which the daemon
operates, typically root.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=319921
http://sourceforge.net/forum/forum.php?forum_id=746709

Solution :

Upgrade to HPLIP 2.7.10 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 27054 (hpssd_from_address_cmd_exec.nasl)

Bugtraq ID: 26054

CVE ID: CVE-2007-5208

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial