Summary
The remote host is missing an update to hplip
announced via advisory DSA 1462-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201462-1
Insight
Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user.
For the unstable distribution (sid), this problem has been fixed in version 1.6.10-4.3.
For the stable distribution (etch), this problem has been fixed in version 1.6.10-3etch1.
The old stable distribution (sarge) is not affected by this problem.
We recommend that you upgrade your hplip packages.
Severity
Classification
-
CVE CVE-2007-5208 -
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C
Related Vulnerabilities