LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 12th, 2014
Linux Security Week: December 9th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: hplip vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that the hpssd tool of hplip did not correctly handle shell meta-characters. A local attacker could exploit this to execute arbitrary commands as the hplip user.
=========================================================== 
Ubuntu Security Notice USN-530-1           October 12, 2007
hplip vulnerability
CVE-2007-5208
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  hplip                           1.6.9-0ubuntu2.1

Ubuntu 7.04:
  hplip                           1.7.3-0ubuntu1.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

It was discovered that the hpssd tool of hplip did not correctly handle
shell meta-characters.  A local attacker could exploit this to execute
arbitrary commands as the hplip user.


Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1.diff.gz
      Size/MD5:   259212 536df2eefb0b9fbe7265ce08cbcab8c6
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1.dsc
      Size/MD5:      867 f3fcef4f5d77e560d6e689dd46bd43cf
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9.orig.tar.gz
      Size/MD5: 10018087 38d57f58b48b5b0729d1de507776e7d1

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs-ppds_2.6.9+1.6.9-0ubuntu2.1_all.deb
      Size/MD5:   206190 b9b489f0774aa87c39124cb0db13fd31
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-data_1.6.9-0ubuntu2.1_all.deb
      Size/MD5:  6275996 6418efb1c032cd56481f644f19b3b61f
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-doc_1.6.9-0ubuntu2.1_all.deb
      Size/MD5:  1110706 e0178bd79b82544198aaaf530440383b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_amd64.deb
      Size/MD5:   353370 6bee9b223495e146322db33ba595a3dd
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_amd64.deb
      Size/MD5:   852854 0e1c50cf2f59f863fdd9f6921d75e182
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_amd64.deb
      Size/MD5:   558178 4993f82769599490e9afa75716ec676c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_i386.deb
      Size/MD5:   345224 d3b9fe0a4f475f27a4a7ed2f489bee5e
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_i386.deb
      Size/MD5:   825126 12c869a1721ccafc603583d711a01eff
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_i386.deb
      Size/MD5:   547254 dd426a5a7d2c9df72b6ca89e04bb546f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_powerpc.deb
      Size/MD5:   358780 4f77e25806dea449159b42eead6a7c99
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_powerpc.deb
      Size/MD5:   862550 60f526a1953027144f3276425fd8048a
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_powerpc.deb
      Size/MD5:   563708 92351b2f1f6b6e9a8322e79818656c22

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_sparc.deb
      Size/MD5:   338118 74c15c966e2f094464cd476b3b5682fa
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_sparc.deb
      Size/MD5:   784194 92b986a25c359122a5f10123306921fd
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_sparc.deb
      Size/MD5:   542478 79ca390d413545ec5038624a40eddea0

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1.diff.gz
      Size/MD5:   306365 f41ad069c89422c7cf532b7f0b2298e9
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1.dsc
      Size/MD5:     1011 4205e63a16f1218403e403361351779b
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3.orig.tar.gz
      Size/MD5: 13556732 6921d256c9efc37446f5d2fad71979f8

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-data_1.7.3-0ubuntu1.1_all.deb
      Size/MD5:  6497568 cd98dd4bd54b155e664f6fc988ce3995
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-doc_1.7.3-0ubuntu1.1_all.deb
      Size/MD5:  4083742 089dcc3694e3d249188774c4ab6f727c
    http://security.ubuntu.com/ubuntu/pool/universe/h/hplip/hpijs-ppds_2.7.2+1.7.3-0ubuntu1.1_all.deb
      Size/MD5:   217720 cdf52af0871895a8e4e8a81ada765870

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_amd64.deb
      Size/MD5:   382046 6ed6ce7e6fe4301a5322d8cd8dae3744
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_amd64.deb
      Size/MD5:   902140 20107f7558991ccb6e4a90c283b45aa3
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_amd64.deb
      Size/MD5:   632374 b054a977150ec9f73e6334609ba7c947

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_i386.deb
      Size/MD5:   374496 9d99f0b15690bef45e3458ac5190f988
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_i386.deb
      Size/MD5:   874992 f5a1dc5eb40a50f043b2a2b5f73f9802
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_i386.deb
      Size/MD5:   620606 05a1aab80677a9147b09dc7c27937712

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_powerpc.deb
      Size/MD5:   390378 eaec56fad0a69e249b2498eadf818d0d
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_powerpc.deb
      Size/MD5:   912866 80f008c38bb588d014dcaf598ca76c3f
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_powerpc.deb
      Size/MD5:   646356 e77243f70a0fd1a15c32948d792a5fb9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_sparc.deb
      Size/MD5:   368140 0aebeee7c64bcac5a2ba28cf627b9282
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_sparc.deb
      Size/MD5:   832520 aa33f0f52142a040f1fc462f634ddd53
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_sparc.deb
      Size/MD5:   615194 e9216b7fc51ebb054961f22a5c4f759f


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
OphionLocker, A New Ransomware uses Elliptic Curve for Encryption
This Linux grinch could put a hole in your security stocking
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.