RedHat Update For Hplip RHSA-2008:0818-02 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide drivers for Hewlett-Packard printers and multifunction peripherals. A flaw was discovered in the hplip alert-mailing functionality. A local attacker could elevate their privileges by using specially-crafted packets to trigger alert mails, which are sent by the root account. (CVE-2008-2940) A flaw was discovered in the hpssd message parser. By sending specially-crafted packets, a local attacker could cause a denial of service, stopping the hpssd process. (CVE-2008-2941) Users of hplip should upgrade to these updated packages, which contain backported patches to correct these issues.

Affected

hplip on Red Hat Enterprise Linux (v. 5 server)

References

https://www.redhat.com/archives/rhsa-announce/2008-August/msg00008.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2940, CVE-2008-2941
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:0005
RedHat Security Advisory RHSA-2009:1060
RedHat Security Advisory RHSA-2009:1125
RedHat Security Advisory RHSA-2009:0016
RedHat Security Advisory RHSA-2009:1038

RedHat Update for hplip RHSA-2008:0818-02

Take action and discover your vulnerabilities