HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection

high Nessus Plugin ID 27054

Synopsis

The remote service allows for arbitrary command execution.

Description

The version of the HP Linux Imaging and Printing System hpssd daemon on the remote host fails to sanitize user-supplied input before appending it to a command line when calling sendmail. Using a specially crafted email address, an unauthenticated, remote attacker can leverage this issue to execute arbitrary shell commands on the remote host subject to the permissions under which the daemon operates, typically root.
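
The flaw class described above, shown as an added example that is not HPLIP's code and not part of the original advisory: a sender address pasted into a shell-parsed sendmail command line, next to a hardened form that validates the address and passes an argv list. The sendmail path, the flags, the function names and the sample addresses are assumptions made for illustration.

```python
import re
import shlex

SENDMAIL = "/usr/sbin/sendmail"  # assumed path, not taken from the advisory

# Conservative allow-list for a sender address: no whitespace, quotes,
# backticks, "$" or shell control operators can match.
_ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def unsafe_command(from_addr):
    """Vulnerable pattern: the address becomes part of a string a shell parses."""
    return "%s -t -f %s" % (SENDMAIL, from_addr)


def shell_operators(command):
    """Return the control operators a POSIX shell would find in `command`.

    Illustration only: this shows why the string form is dangerous. It is not
    a complete detector (it ignores backticks and "$" expansions, for example).
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return [tok for tok in lexer if tok and set(tok) <= set(";|&<>()")]


def safe_argv(from_addr):
    """Hardened pattern: validate first, then build an argv list.

    The list is meant for subprocess.run(argv, shell=False), so no shell
    ever interprets the address.
    """
    if from_addr.startswith("-") or not _ADDR_RE.fullmatch(from_addr):
        raise ValueError("rejected sender address: %r" % (from_addr,))
    return [SENDMAIL, "-t", "-f", from_addr]


if __name__ == "__main__":
    # Constructed sample inputs.
    for addr in ("user@example.com", "user@example.com; echo INJECTED"):
        print(repr(addr), "-> operators seen by a shell:",
              shell_operators(unsafe_command(addr)))
        try:
            print("  argv:", safe_argv(addr))
        except ValueError as exc:
            print("  ", exc)
```

Nothing is executed here; the block only builds and inspects the two command forms.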

Solution

Upgrade to HPLIP 2.7.10 or later.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=319921

http://sourceforge.net/forum/forum.php?forum_id=746709

Plugin Details

Severity: High

ID: 27054

File Name: hpssd_from_address_cmd_exec.nasl

Version: 1.19

Type: remote

Published: 10/15/2007

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:linux_imaging_and_printing_project

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/5/2007

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (HPLIP hpssd.py From Address Arbitrary Command Execution)

Reference Information

CVE: CVE-2007-5208

BID: 26054

CWE: 20