GLSA-200710-26 : HPLIP: Privilege escalation
High Nessus Plugin ID 27558
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200710-26 (HPLIP: Privilege escalation).
Kees Cook from the Ubuntu Security team discovered that the hpssd daemon does not correctly validate user-supplied data before passing it to a 'popen3()' call.
A local attacker may be able to exploit this vulnerability by sending a specially crafted request to the hpssd daemon to execute arbitrary commands with the privileges of the user running hpssd, usually root.
There is no known workaround at this time.
Solution
All HPLIP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose 'net-print/hplip'
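The flaw class in the description, request data reaching a shell-parsed 'popen3()' command string without validation, shown beside a hardened form. This is an added example, not hpssd's code: it uses Python's subprocess module in place of popen3(), and the echo command, the field pattern and the function names are assumptions made for illustration.

```python
import re
import subprocess

# Assumed allow-list for one request field. The first character must be
# alphanumeric so the value can never be read as a command-line option.
SAFE_FIELD = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@+-]{0,63}")


def run_unsafe(field):
    """Flawed pattern: the field is concatenated into a string that sh parses."""
    cmd = "echo " + field  # "echo" stands in for the daemon's helper command
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(field):
    """No shell: the field is exactly one argv entry, metacharacters are inert."""
    return subprocess.run(["echo", field], capture_output=True, text=True).stdout


def run_checked(field):
    """Defence in depth: reject unexpected characters, then use the argv form."""
    if not SAFE_FIELD.fullmatch(field):
        raise ValueError("rejected request field: %r" % (field,))
    return run_argv(field)


if __name__ == "__main__":
    crafted = "alice; echo INJECTED"  # constructed input, harmless second command
    print(repr(run_unsafe(crafted)))  # sh treats ';' as a command separator
    print(repr(run_argv(crafted)))    # the whole string is echoed as one argument
    try:
        run_checked(crafted)
    except ValueError as exc:
        print(exc)
```
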