Detections
Analytics
Mandriva Linux Security Advisory : hplip (MDVSA-2011:013)
high Nessus Plugin ID 51805
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A vulnerability has been found and corrected in hplip :A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them (CVE-2010-4267).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490
The updated packages have been patched to correct this issue.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 51805
File Name: mandriva_MDVSA-2011-013.nasl
Version: 1.13
Type: local
Family: Mandriva Local Security Checks
Published: 1/28/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:hplip, p-cpe:/a:mandriva:linux:hplip-doc, p-cpe:/a:mandriva:linux:hplip-gui, p-cpe:/a:mandriva:linux:hplip-hpijs, p-cpe:/a:mandriva:linux:hplip-hpijs-ppds, p-cpe:/a:mandriva:linux:hplip-model-data, p-cpe:/a:mandriva:linux:lib64hpip0, p-cpe:/a:mandriva:linux:lib64hpip0-devel, p-cpe:/a:mandriva:linux:lib64sane-hpaio1, p-cpe:/a:mandriva:linux:libhpip0, p-cpe:/a:mandriva:linux:libhpip0-devel, p-cpe:/a:mandriva:linux:libsane-hpaio1, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2010.0, cpe:/o:mandriva:linux:2010.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 1/19/2011
Reference Information
CVE: CVE-2010-4267
BID: 45833
MDVSA: 2011:013