This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:HP-LIPS-HSSPD
|
Severity |
Minor
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
HP Linux Imaging and Printing System HSSPD.PY Vulnerability
|
Release Date |
2007/12/17
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: HP Linux Imaging and Printing System HSSPD.PY Vulnerability
This signature detects attempts to exploit a known vulnerability against HP Linux Imaging and Printing System. Versions 2.7.9 and below are vulnerable. A successful attack can allow attackers to inject commands onto the target system.
Extended Description
HP Linux Imaging and Printing System (HPLIP) is prone to an arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers.
NOTE: By default the application's 'hpssd' daemon listens only on localhost, but it can be configured (via /etc/hp/hplip.conf) to listen to remote requests as well.
HPLIP versions in the 1.0 and 2.0 series are vulnerable.
Affected Products
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Gentoo linux
- Hp linux_imaging_and_printing_system 1.6.10
- Hp linux_imaging_and_printing_system 1.6.12
- Hp linux_imaging_and_printing_system 1.6.6
- Hp linux_imaging_and_printing_system 1.6.6A
- Hp linux_imaging_and_printing_system 1.6.7
- Hp linux_imaging_and_printing_system 1.6.9
- Hp linux_imaging_and_printing_system 1.7.1
- Hp linux_imaging_and_printing_system 1.7.2
- Hp linux_imaging_and_printing_system 1.7.3
- Hp linux_imaging_and_printing_system 1.7.4
- Hp linux_imaging_and_printing_system 1.7.4A
- Hp linux_imaging_and_printing_system 2.7.1
- Hp linux_imaging_and_printing_system 2.7.2
- Hp linux_imaging_and_printing_system 2.7.4
- Hp linux_imaging_and_printing_system 2.7.6
- Hp linux_imaging_and_printing_system 2.7.6-1.Patch
- Hp linux_imaging_and_printing_system 2.7.7
- Hp linux_imaging_and_printing_system 2.7.9
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva linux_mandrake 2007.0
- Mandriva linux_mandrake 2007.0 X86 64
- Mandriva linux_mandrake 2007.1
- Mandriva linux_mandrake 2007.1 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat fedora Core7
- Suse linux 10.0
- Suse linux 10.1
- Suse linux 10.2
- Suse linux 10.3
- Suse suse_linux_enterprise_desktop 10
- Ubuntu ubuntu_linux 6.10 Amd64
- Ubuntu ubuntu_linux 6.10 I386
- Ubuntu ubuntu_linux 6.10 Powerpc
- Ubuntu ubuntu_linux 6.10 Sparc
- Ubuntu ubuntu_linux 7.04 Amd64
- Ubuntu ubuntu_linux 7.04 I386
- Ubuntu ubuntu_linux 7.04 Powerpc
- Ubuntu ubuntu_linux 7.04 Sparc
References