Scientific Linux Security Update : hplip on SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

A flaw was discovered in the hplip alert-mailing functionality. A
local attacker could elevate their privileges by using specially
crafted packets to trigger alert mails, which are sent by the root
account. (CVE-2008-2940)

A flaw was discovered in the hpssd message parser. By sending
specially crafted packets, a local attacker could cause a denial of
service, stopping the hpssd process. (CVE-2008-2941)

See also :

Solution :

Update the affected hpijs, hplip and / or libsane-hpaio packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60463 ()

Bugtraq ID:

CVE ID: CVE-2008-2940