This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.
The remote service allows for arbitrary command execution.
The version of the HP Linux Imaging and Printing System hpssd daemon
on the remote host fails to sanitize user-supplied input before
appending it to a commandline when calling sendmail. Using a
specially crafted email address, an unauthenticated, remote attacker
can leverage this issue to execute arbitrary shell commands on the
remote host subject to the permissions under which the daemon
operates, typically root.
See also :
Upgrade to HPLIP 2.7.10 or later.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.3
Public Exploit Available : true
Family: Gain a shell remotely
Nessus Plugin ID: 27054 (hpssd_from_address_cmd_exec.nasl)
Bugtraq ID: 26054
CVE ID: CVE-2007-5208
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.