HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

The remote service allows for arbitrary command execution.

Description :

The version of the HP Linux Imaging and Printing System hpssd daemon
on the remote host fails to sanitize user-supplied input before
appending it to a commandline when calling sendmail. Using a
specially crafted email address, an unauthenticated, remote attacker
can leverage this issue to execute arbitrary shell commands on the
remote host subject to the permissions under which the daemon
operates, typically root.

See also :


Solution :

Upgrade to HPLIP 2.7.10 or later.

Risk factor :

High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.6
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 27054 (hpssd_from_address_cmd_exec.nasl)

Bugtraq ID: 26054

CVE ID: CVE-2007-5208

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now