HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection
Severity: High
Nessus Plugin ID: 27054

Synopsis
The remote service allows for arbitrary command execution.

Description
The version of the HP Linux Imaging and Printing System hpssd daemon on the remote host fails to sanitize user-supplied input before appending it to a command line when calling sendmail. Using a specially crafted email address, an unauthenticated, remote attacker can leverage this issue to execute arbitrary shell commands on the remote host, subject to the permissions under which the daemon operates, typically root.

Solution
Upgrade to HPLIP 2.7.10 or later.
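
The flaw class in the Description, shown as an added example (not hplip's own code or its fix): a sender address pasted into a shell command string, next to a hardened form that validates the address and passes it as a single argv element with no shell. The sendmail path, the flags used, the function names and the sample addresses are assumptions made for illustration.

```python
import re
import subprocess

SENDMAIL = "/usr/sbin/sendmail"  # assumed path, not taken from the advisory

# Conservative allow-list for an envelope sender (stricter than the RFC grammar).
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Characters a POSIX shell treats specially, plus whitespace.
SHELL_META = set(";|&$`<>(){}[]!*?~#'\"\\\n\r\t ")


def shell_metachars(value):
    """Return the shell-significant characters present in value (for logging)."""
    return sorted(set(value) & SHELL_META)


def is_safe_address(addr):
    """Allow-list check; a leading '-' is refused so it cannot look like an option."""
    return (
        0 < len(addr) <= 254
        and not addr.startswith("-")
        and ADDR_RE.fullmatch(addr) is not None
    )


def unsafe_command(from_addr):
    """Flawed pattern, for contrast only and never executed here: the address
    becomes part of a string that a shell would later parse."""
    return "%s -t -f %s" % (SENDMAIL, from_addr)


def safe_argv(from_addr):
    """Hardened pattern: validate first, then keep the address as one argv item."""
    if not is_safe_address(from_addr):
        raise ValueError("rejected sender address: %r" % from_addr)
    return [SENDMAIL, "-t", "-f", from_addr]


def send(from_addr, message):
    """Run sendmail without a shell; message is the full RFC 822 text as bytes."""
    subprocess.run(safe_argv(from_addr), input=message, check=True)
```
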