Secunia Security Advisory - Kees Cook has reported a vulnerability in HPLIB, which can be exploited by malicious, local users to gain escalated privileges.
054d5328a26ad359f7e7b665c92a77fa65b1761f9045787ffc9d53b671b2b057
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,700 different Windows applications.
Request your account, the Secunia Network Software Inspector (NSI):
http://secunia.com/network_software_inspector/
----------------------------------------------------------------------
TITLE:
HPLIP hpssd Command Injection Vulnerability
SECUNIA ADVISORY ID:
SA27202
VERIFY ADVISORY:
http://secunia.com/advisories/27202/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
HPLIB 2.x
http://secunia.com/product/16077/
DESCRIPTION:
Kees Cook has reported a vulnerability in HPLIB, which can be
exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to the hpssd daemon not properly
sanitising certain input before using it to invoke sendmail using the
"popen3()" method. This can be exploited to execute arbitrary commands
with escalated privileges (e.g. "root") by sending specially crafted
requests to the hpssd daemon.
NOTE: Depending upon the configuration of hpssd, this may also be
remotely exploitable.
SOLUTION:
Restrict access to trusted people only.
PROVIDED AND/OR DISCOVERED BY:
Kees Cook, Ubuntu Security Team
ORIGINAL ADVISORY:
https://bugzilla.redhat.com/show_bug.cgi?id=319921
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed