View Full Version : USN-530-1: hplip vulnerability

October 12th, 2007, 10:00 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-530-1 October 12, 2007hplip vulnerabilityCVE-2007-5208============================================== =============A security issue affects the following Ubuntu releases:Ubuntu 6.10Ubuntu 7.04This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.10: hplip 1.6.9-0ubuntu2.1Ubuntu 7.04: hplip 1.7.3-0ubuntu1.1In general, a standard system upgrade is sufficient to affect thenecessary changes.Details follow:It was discovered that the hpssd tool of hplip did not correctly handleshell meta-characters. A local attacker could exploit this to executearbitrary commands as the hplip user.

More... (http://www.ubuntu.com/usn/usn-530-1)