Mandriva Update For Hplip MDVSA-2008:169 (hplip) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Marc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially-crafted packets to trigger alert mails that are sent by the root account (CVE-2008-2940). Another vulnerability was discovered by Marc Schoenefeld in the hpssd message parser that could allow a local attacker to stop the hpssd process by sending specially-craftd packets, causing a denial of service (CVE-2008-2941). The updated packages have been patched to correct these issues.

Affected

hplip on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2940, CVE-2008-2941

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:166 (c-client)
Mandrake Security Advisory MDVSA-2009:135 (kernel)
Mandrake Security Advisory MDVSA-2009:132 (libsndfile)
Mandrake Security Advisory MDVSA-2009:050-1 (python-pycrypto)
Mandrake Security Advisory MDVSA-2009:168 (apache)

Mandriva Update for hplip MDVSA-2008:169 (hplip)

Take action and discover your vulnerabilities