HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote service allows for arbitrary command execution.

Description :

The version of the HP Linux Imaging and Printing System hpssd daemon
on the remote host fails to sanitize user-supplied input before
appending it to a commandline when calling sendmail. Using a
specially crafted email address, an unauthenticated, remote attacker
can leverage this issue to execute arbitrary shell commands on the
remote host subject to the permissions under which the daemon
operates, typically root.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=319921
http://sourceforge.net/forum/forum.php?forum_id=746709

Solution :

Upgrade to HPLIP 2.7.10 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 27054 (hpssd_from_address_cmd_exec.nasl)

Bugtraq ID: 26054

CVE ID: CVE-2007-5208