Oracle Linux 5 / 6 : hplip (ELSA-2011-0154)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2011:0154 :

Updated hplip packages that fix one security issue are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers
for Hewlett-Packard printers and multifunction peripherals, and tools
for installing, using, and configuring them.

A flaw was found in the way certain HPLIP tools discovered devices
using the SNMP protocol. If a user ran certain HPLIP tools that search
for supported devices using SNMP, and a malicious user is able to send
specially-crafted SNMP responses, it could cause those HPLIP tools to
crash or, possibly, execute arbitrary code with the privileges of the
user running them. (CVE-2010-4267)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security
Team for reporting this issue.

Users of hplip should upgrade to these updated packages, which contain
a backported patch to correct this issue.

See also :

https://oss.oracle.com/pipermail/el-errata/2011-February/001887.html
https://oss.oracle.com/pipermail/el-errata/2011-January/001798.html

Solution :

Update the affected hplip packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68181

Bugtraq ID:

CVE ID: CVE-2010-4267