Rapid7 Vulnerability & Exploit Database

RHSA-2007:0960: hplip security update


Severity: 8
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 10/12/2007
Created: 07/25/2018
Added: 11/26/2007
Modified: 07/04/2017

Description

An updated hplip package to correct a security flaw is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

The hplip (Hewlett-Packard Linux Imaging and Printing Project) package provides drivers for HP printers and multi-function peripherals.

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user input. A local attacker could send a specially crafted request to the hpssd daemon, possibly allowing them to run arbitrary commands as the root user (CVE-2007-5208). On Red Hat Enterprise Linux 5, the SELinux targeted policy for hpssd, which is enabled by default, blocks the ability to exploit this issue to run arbitrary code.

Users of hplip are advised to upgrade to this updated package, which contains backported patches to resolve this issue.

Solution(s)

  • redhat-upgrade-hpijs
  • redhat-upgrade-hplip
  • redhat-upgrade-libsane-hpaio
