HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection

High Nessus Plugin ID 27054


The remote service allows for arbitrary command execution.


The version of the HP Linux Imaging and Printing System hpssd daemon on the remote host fails to sanitize user-supplied input before appending it to a command line when calling sendmail. Using a specially crafted email address, an unauthenticated, remote attacker can leverage this issue to execute arbitrary shell commands on the remote host subject to the permissions under which the daemon operates, typically root.


Upgrade to HPLIP 2.7.10 or later.
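
The flaw class described above, shown as an added example (not HPLIP's own code and not part of the original plugin page): a from address appended to a shell-parsed sendmail command line, beside a form that validates the address and passes it as a single argv element with no shell. The function names, the sendmail path, the sendmail flags and the address pattern are assumptions made for illustration.

```python
import re
import subprocess

SENDMAIL = "/usr/sbin/sendmail"  # assumed install path

# Conservative allow-list for an envelope sender (assumption, stricter than
# RFC 5321): no whitespace, quotes or shell metacharacters, and no leading "-"
# that sendmail could read as an option.
_ADDR_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._%+-]{0,63}"
    r"@[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?"
)


def is_safe_address(addr: str) -> bool:
    """True only if the whole string matches the allow-list."""
    return _ADDR_RE.fullmatch(addr) is not None


def unsafe_command_line(from_addr: str) -> str:
    """Vulnerable pattern: input is concatenated into a string that a shell
    will parse, so metacharacters in the address become shell syntax.
    Shown for comparison only; nothing here executes it."""
    return "%s -t -f %s" % (SENDMAIL, from_addr)


def sendmail_argv(from_addr: str) -> list:
    """Hardened pattern: validate first, then build an argument vector in
    which the address is one element that no shell ever interprets."""
    if not is_safe_address(from_addr):
        raise ValueError("rejected from address: %r" % from_addr)
    return [SENDMAIL, "-t", "-i", "-f", from_addr]


def send(from_addr: str, message: bytes) -> int:
    """Deliver a message; subprocess.run with a list does not invoke a shell."""
    argv = sendmail_argv(from_addr)
    return subprocess.run(argv, input=message, check=False).returncode


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("alerts@example.com", "a@example.com; id"):
        print(repr(candidate), "accepted" if is_safe_address(candidate) else "rejected")
```

Validation and the argv form are independent layers: either one alone stops the address from being parsed as shell syntax, and running the mail-sending code under an unprivileged account limits the impact of anything that slips past both.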


Plugin Details

Severity: High

ID: 27054

File Name: hpssd_from_address_cmd_exec.nasl

Version: $Revision: 1.18 $

Type: remote

Published: 2007/10/15

Modified: 2016/11/18

Dependencies: 11153

Risk Information

Risk Factor: High


Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:linux_imaging_and_printing_project

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/10/05

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (HPLIP hpssd.py From Address Arbitrary Command Execution)

Reference Information

CVE: CVE-2007-5208

BID: 26054

OSVDB: 41693

CWE: 20