Mandriva Update For Hplip MDVSA-2008:169 (hplip) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Marc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially-crafted packets to trigger alert mails that are sent by the root account (CVE-2008-2940). Another vulnerability was discovered by Marc Schoenefeld in the hpssd message parser that could allow a local attacker to stop the hpssd process by sending specially-craftd packets, causing a denial of service (CVE-2008-2941). The updated packages have been patched to correct these issues.

Affected

hplip on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2940, CVE-2008-2941
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:049-1 (pycrypto)
Mandrake Security Advisory MDVSA-2009:191 (OpenEXR)
Mandrake Security Advisory MDVSA-2009:104 (udev)
Mandrake Security Advisory MDVSA-2009:052 (php-smarty)
Mandrake Security Advisory MDVSA-2009:164 (jasper)

Mandriva Update for hplip MDVSA-2008:169 (hplip)

Take action and discover your vulnerabilities