Rapid7 Vulnerability & Exploit Database

RHSA-2011:0154: hplip security update

Back to Search

RHSA-2011:0154: hplip security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
01/20/2011
Created
07/25/2018
Added
01/25/2011
Modified
07/04/2017

Description

Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers forHewlett-Packard printers and multifunction peripherals, and tools forinstalling, using, and configuring them.A flaw was found in the way certain HPLIP tools discovered devices usingthe SNMP protocol. If a user ran certain HPLIP tools that search forsupported devices using SNMP, and a malicious user is able to sendspecially-crafted SNMP responses, it could cause those HPLIP tools to crashor, possibly, execute arbitrary code with the privileges of the userrunning them. (CVE-2010-4267)Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team forreporting this issue.Users of hplip should upgrade to these updated packages, which contain abackported patch to correct this issue.

Solution(s)

  • redhat-upgrade-hpijs
  • redhat-upgrade-hpijs3
  • redhat-upgrade-hplip
  • redhat-upgrade-hplip-common
  • redhat-upgrade-hplip-debuginfo
  • redhat-upgrade-hplip-gui
  • redhat-upgrade-hplip-libs
  • redhat-upgrade-hplip3
  • redhat-upgrade-hplip3-common
  • redhat-upgrade-hplip3-gui
  • redhat-upgrade-hplip3-libs
  • redhat-upgrade-libsane-hpaio
  • redhat-upgrade-libsane-hpaio3

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;