LinuxSecurity.com
Mandriva: [Security Announce] [ MDVSA-2008:169 ] hplip
Posted by Benjamin D. Thomas   
Marc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially-crafted packets to trigger alert mails that are sent by the root account (CVE-2008-2940).
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:169
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : hplip
 Date    : August 13, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Marc Schoenefeld of the Red Hat Security Response Team discovered a
 vulnerability in the hplip alert-mailing functionality that could allow
 a local attacker to elevate their privileges by using specially-crafted
 packets to trigger alert mails that are sent by the root account
 (CVE-2008-2940).
 
 Another vulnerability was discovered by Marc Schoenefeld in the hpssd
 message parser that could allow a local attacker to stop the hpssd
 process by sending specially-crafted packets, causing a denial of
 service (CVE-2008-2941).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 83a70dea97bcf550fead0ee3fad08932  2007.1/i586/hplip-2.7.7-7.2mdv2007.1.i586.rpm
 7ee68cb6dc64814f9d040e8bc7ca67ef  2007.1/i586/hplip-doc-2.7.7-7.2mdv2007.1.i586.rpm
 b055ab176b056b0751d2b68f9e34ec52  2007.1/i586/hplip-hpijs-2.7.7-7.2mdv2007.1.i586.rpm
 c02f74f305d8a90c42ec1f84481067e7  2007.1/i586/hplip-hpijs-ppds-2.7.7-7.2mdv2007.1.i586.rpm
 31a009fbc34f485fde381f90cd8cf76e  2007.1/i586/hplip-model-data-2.7.7-7.2mdv2007.1.i586.rpm
 7a1a9cb8373fd6966f8cd495664a14a1  2007.1/i586/libhpip0-2.7.7-7.2mdv2007.1.i586.rpm
 7e1ddcca51e6415638cfbba7f05ef26f  2007.1/i586/libhpip0-devel-2.7.7-7.2mdv2007.1.i586.rpm
 c4b990b2704cf5edb8c9d780569c6324  2007.1/i586/libsane-hpaio1-2.7.7-7.2mdv2007.1.i586.rpm 
 c318707ebd9d10f57c612761360b1178  2007.1/SRPMS/hplip-2.7.7-7.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 ef3723584df0f9c67599674b6db8aa27  2007.1/x86_64/hplip-2.7.7-7.2mdv2007.1.x86_64.rpm
 17ae578aa6993ff1200444e82197efb2  2007.1/x86_64/hplip-doc-2.7.7-7.2mdv2007.1.x86_64.rpm
 cd0600174962a2bd3ad3d1a4f1faadd3  2007.1/x86_64/hplip-hpijs-2.7.7-7.2mdv2007.1.x86_64.rpm
 708f74ce9ce6ade4dc8167389e312f9a  2007.1/x86_64/hplip-hpijs-ppds-2.7.7-7.2mdv2007.1.x86_64.rpm
 3e5832b9145aaa41f743aa670f20f014  2007.1/x86_64/hplip-model-data-2.7.7-7.2mdv2007.1.x86_64.rpm
 bf7d38126f996dbcd10ba514a766113d  2007.1/x86_64/lib64hpip0-2.7.7-7.2mdv2007.1.x86_64.rpm
 907ce0b1d866f6ed35b782c7bea48e89  2007.1/x86_64/lib64hpip0-devel-2.7.7-7.2mdv2007.1.x86_64.rpm
 37c264306ddf4f614b594b4a26bca70f  2007.1/x86_64/lib64sane-hpaio1-2.7.7-7.2mdv2007.1.x86_64.rpm 
 c318707ebd9d10f57c612761360b1178  2007.1/SRPMS/hplip-2.7.7-7.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 a669379d666c88e8a16504ad983ad402  2008.0/i586/hplip-2.7.7-8.2mdv2008.0.i586.rpm
 494b6e9147fb639381d4133cf98612fc  2008.0/i586/hplip-doc-2.7.7-8.2mdv2008.0.i586.rpm
 17748ef3c683b999551bf3ffc4f395b3  2008.0/i586/hplip-hpijs-2.7.7-8.2mdv2008.0.i586.rpm
 dd608f041c6780bfc88272724ddedefc  2008.0/i586/hplip-hpijs-ppds-2.7.7-8.2mdv2008.0.i586.rpm
 06d7e452624d5619288dbca8f7c70677  2008.0/i586/hplip-model-data-2.7.7-8.2mdv2008.0.i586.rpm
 c1d867ed0a2c6599bd281db3f287ac64  2008.0/i586/libhpip0-2.7.7-8.2mdv2008.0.i586.rpm
 83425939a7d9f20abb3cf657e6abff1e  2008.0/i586/libhpip0-devel-2.7.7-8.2mdv2008.0.i586.rpm
 b33ae916dbb238f33af46135eeddf4bb  2008.0/i586/libsane-hpaio1-2.7.7-8.2mdv2008.0.i586.rpm 
 97b991d5a065c8bf99ad480485e93a35  2008.0/SRPMS/hplip-2.7.7-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 b405a8760af623755e8232266c382e11  2008.0/x86_64/hplip-2.7.7-8.2mdv2008.0.x86_64.rpm
 f98dc84adbe75fd8fa3ef132e6607d33  2008.0/x86_64/hplip-doc-2.7.7-8.2mdv2008.0.x86_64.rpm
 ba944e7864a866f595d499074869b9b8  2008.0/x86_64/hplip-hpijs-2.7.7-8.2mdv2008.0.x86_64.rpm
 cd4dd779d069352fcb35b717c35efef9  2008.0/x86_64/hplip-hpijs-ppds-2.7.7-8.2mdv2008.0.x86_64.rpm
 184feac7be49c0e67c99dce1683a32ef  2008.0/x86_64/hplip-model-data-2.7.7-8.2mdv2008.0.x86_64.rpm
 9d9307fe41b01a37f23916617bfd990a  2008.0/x86_64/lib64hpip0-2.7.7-8.2mdv2008.0.x86_64.rpm
 91b98fd69b6ab7a7cbce027878036915  2008.0/x86_64/lib64hpip0-devel-2.7.7-8.2mdv2008.0.x86_64.rpm
 500488fb28d19bdd398c55f15ae4c99b  2008.0/x86_64/lib64sane-hpaio1-2.7.7-8.2mdv2008.0.x86_64.rpm 
 97b991d5a065c8bf99ad480485e93a35  2008.0/SRPMS/hplip-2.7.7-8.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 1ff1ac0d25edb4e0c3d355041b3ee99b  2008.1/i586/hplip-2.8.2-2.1mdv2008.1.i586.rpm
 5b6887e12ad80634f844ef76332d4e6b  2008.1/i586/hplip-doc-2.8.2-2.1mdv2008.1.i586.rpm
 22619a7630be2f3ece75312c107f3f18  2008.1/i586/hplip-hpijs-2.8.2-2.1mdv2008.1.i586.rpm
 c53d888519e32d939615e2fbeee7da08  2008.1/i586/hplip-hpijs-ppds-2.8.2-2.1mdv2008.1.i586.rpm
 f011e651be37ec70d1bace8d80288278  2008.1/i586/hplip-model-data-2.8.2-2.1mdv2008.1.i586.rpm
 96cd7153acd9bf2fa7e97e0141015205  2008.1/i586/libhpip0-2.8.2-2.1mdv2008.1.i586.rpm
 ad30eb0f33a59d501ca9b19a1bfdd596  2008.1/i586/libhpip0-devel-2.8.2-2.1mdv2008.1.i586.rpm
 895342b4ea74b66ff11caf25ba05e8a9  2008.1/i586/libsane-hpaio1-2.8.2-2.1mdv2008.1.i586.rpm 
 ec0721343a1f44dda4950a38f91be5a1  2008.1/SRPMS/hplip-2.8.2-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 a06e08c9b0f36e5036d871583d18fa44  2008.1/x86_64/hplip-2.8.2-2.1mdv2008.1.x86_64.rpm
 ee9f3a71639fd721a200f6f71985166d  2008.1/x86_64/hplip-doc-2.8.2-2.1mdv2008.1.x86_64.rpm
 700d2a48a22c1ad8c9f577b4502de6b2  2008.1/x86_64/hplip-hpijs-2.8.2-2.1mdv2008.1.x86_64.rpm
 a9e25ce6b1629acf6c741049c56bb10f  2008.1/x86_64/hplip-hpijs-ppds-2.8.2-2.1mdv2008.1.x86_64.rpm
 b9a2240b8a037ab7188fcdb0b33a2be6  2008.1/x86_64/hplip-model-data-2.8.2-2.1mdv2008.1.x86_64.rpm
 1363348b6924780fea45e1669af9d427  2008.1/x86_64/lib64hpip0-2.8.2-2.1mdv2008.1.x86_64.rpm
 ee10d5ed822c3d21fbec9bf4f80dfebc  2008.1/x86_64/lib64hpip0-devel-2.8.2-2.1mdv2008.1.x86_64.rpm
 63873101b63f13e706df9e1ecd4c43f3  2008.1/x86_64/lib64sane-hpaio1-2.8.2-2.1mdv2008.1.x86_64.rpm 
 ec0721343a1f44dda4950a38f91be5a1  2008.1/SRPMS/hplip-2.8.2-2.1mdv2008.1.src.rpm

 Corporate 4.0:
 777fdcbe85c52b1e0db7a2a5b240e8f1  corporate/4.0/i586/hplip-1.6.7-2.2.20060mlcs4.i586.rpm
 9b21f3609bb7894a5b45c0bea18542f9  corporate/4.0/i586/hplip-hpijs-1.6.7-2.2.20060mlcs4.i586.rpm
 987d8962f67ab6bbd7ef25eb0326711a  corporate/4.0/i586/hplip-hpijs-ppds-1.6.7-2.2.20060mlcs4.i586.rpm
 1a98c497f6f5614794eedd2db14fa3ca  corporate/4.0/i586/hplip-model-data-1.6.7-2.2.20060mlcs4.i586.rpm
 5ad16063e0556e0f0878b68d8f1064ee  corporate/4.0/i586/libhpip0-1.6.7-2.2.20060mlcs4.i586.rpm
 5e275a760dd9a0432509948bd67cb415  corporate/4.0/i586/libhpip0-devel-1.6.7-2.2.20060mlcs4.i586.rpm
 a918a721f51f5409002e793f1b8b8f18  corporate/4.0/i586/libsane-hpaio1-1.6.7-2.2.20060mlcs4.i586.rpm 
 7e7628d18c806f644f6f6dd2e876e30b  corporate/4.0/SRPMS/hplip-1.6.7-2.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7daa0b4aafff137f99e69d52a99f9954  corporate/4.0/x86_64/hplip-1.6.7-2.2.20060mlcs4.x86_64.rpm
 0ffb395958b34858e07389c68c5681dc  corporate/4.0/x86_64/hplip-hpijs-1.6.7-2.2.20060mlcs4.x86_64.rpm
 bbf23a0cf41449fa0d5fc5275fc86961  corporate/4.0/x86_64/hplip-hpijs-ppds-1.6.7-2.2.20060mlcs4.x86_64.rpm
 544db3c364d87fc3b87793406dbf8b24  corporate/4.0/x86_64/hplip-model-data-1.6.7-2.2.20060mlcs4.x86_64.rpm
 0922189cf841085cc6bb573964119dad  corporate/4.0/x86_64/lib64hpip0-1.6.7-2.2.20060mlcs4.x86_64.rpm
 ccf36346eb5acf53c8203a58e5ac4cb5  corporate/4.0/x86_64/lib64hpip0-devel-1.6.7-2.2.20060mlcs4.x86_64.rpm
 0422d486d4f749d26ce9bfb06231c9d6  corporate/4.0/x86_64/lib64sane-hpaio1-1.6.7-2.2.20060mlcs4.x86_64.rpm 
 7e7628d18c806f644f6f6dd2e876e30b  corporate/4.0/SRPMS/hplip-1.6.7-2.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
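
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the following added example (not part of the Mandriva advisory) parses lines in the "Updated Packages" layout and checks files in a download directory against them. The function names and the sample manifest are constructed for illustration; an MD5 match only confirms the file is the one listed, and the GPG signature remains the authenticity check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Manifest entry as printed in the advisory: 32 hex digits, spaces, package path.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(text):
    """Group (md5, path) pairs under the release heading that precedes them."""
    releases, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and current is not None:
            releases[current].append((m.group(1), m.group(2)))
        elif line.strip().endswith(":"):
            current = line.strip()[:-1]
            releases[current] = []
    return {name: rows for name, rows in releases.items() if rows}

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify(entries, download_dir):
    """Map each package file name to 'ok', 'mismatch' or 'missing'."""
    status = {}
    for expected, rel_path in entries:
        # Use only the base name so a manifest path cannot point outside download_dir.
        local = Path(download_dir) / Path(rel_path).name
        if not local.is_file():
            status[local.name] = "missing"
        else:
            status[local.name] = "ok" if md5_of(local) == expected else "mismatch"
    return status

def demo():
    """Constructed data: three fake packages, one altered on disk, one not downloaded."""
    good, bad = b"constructed package A", b"constructed package B"
    manifest = (
        " Example Release 1.0:\n"
        f" {hashlib.md5(good).hexdigest()}  1.0/i586/pkg-a-1.0.i586.rpm\n"
        f" {hashlib.md5(bad).hexdigest()}  1.0/i586/pkg-b-1.0.i586.rpm\n"
        f" {'0' * 32}  1.0/SRPMS/pkg-1.0.src.rpm\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "pkg-a-1.0.i586.rpm").write_bytes(good)
        Path(tmp, "pkg-b-1.0.i586.rpm").write_bytes(bad + b" tampered")
        return verify(parse_manifest(manifest)["Example Release 1.0"], tmp)
```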