Debian Security Advisory DSA 1462-1 (hplip) Network Vulnerability

Summary

The remote host is missing an update to hplip announced via advisory DSA 1462-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201462-1

Insight

Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user. For the unstable distribution (sid), this problem has been fixed in version 1.6.10-4.3. For the stable distribution (etch), this problem has been fixed in version 1.6.10-3etch1. The old stable distribution (sarge) is not affected by this problem. We recommend that you upgrade your hplip packages.

Severity

Classification

CVE CVE-2007-5208
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 074-1 (wmaker)
Debian Security Advisory DSA 054-1 (cron)
Debian Security Advisory DSA 044-1 (mailx)
Debian Security Advisory DSA 091-1 (ssh)
Debian Security Advisory DSA 090-1 (xtel)

Take action and discover your vulnerabilities