This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.
The remote service allows for arbitrary command execution.
The version of the HP Linux Imaging and Printing System hpssd daemon
on the remote host fails to sanitize user-supplied input before
appending it to a commandline when calling sendmail. Using a
specially crafted email address, an unauthenticated, remote attacker
can leverage this issue to execute arbitrary shell commands on the
remote host subject to the permissions under which the daemon
operates, typically root.
See also :
Upgrade to HPLIP 2.7.10 or later.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.3
Public Exploit Available : true