Ubuntu USN-708-1 (hplip) Network Vulnerability

Summary

The remote host is missing an update to hplip announced via advisory USN-708-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: hplip 2.7.7.dfsg.1-0ubuntu5.3 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-708-1

Insight

It was discovered that an installation script in the HPLIP package would change permissions on the hplip config files located in user's home directories. A local user could exploit this and change permissions on arbitrary files upon an HPLIP installation or upgrade, which could lead to root privileges.

Severity

Classification

Related Vulnerabilities

Ubuntu Update for apturl USN-1132-1
Ubuntu Update for ffmpeg vulnerability USN-630-1
Ubuntu Update for cupsys vulnerabilities USN-656-1
Ubuntu Update for bind9 USN-1566-1
Ubuntu Update for fetchmail vulnerability USN-405-1

Take action and discover your vulnerabilities