hplip - hpssd.py From Address 任意命令执行 (Metasploit) - Ali_nvd

CVE编号

CVE-2007-5208

利用情况

暂无

补丁情况

官方补丁

披露时间

2007-10-13

Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x 和 2.7.10之前的2.x允许依赖于上下文的攻击者通过from地址中的shell元字符执行任意命令，其在调用sendmail时未得到妥善处理。

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://bugs.gentoo.org/show_bug.cgi?id=195565
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://qa.mandriva.com/show_bug.cgi?id=30719
http://secunia.com/advisories/27202
http://secunia.com/advisories/27221
http://secunia.com/advisories/27224
http://secunia.com/advisories/27232
http://secunia.com/advisories/27271
http://secunia.com/advisories/27332
http://secunia.com/advisories/27397
http://secunia.com/advisories/28453
http://security.gentoo.org/glsa/glsa-200710-26.xml
http://www.debian.org/security/2008/dsa-1462
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:201
http://www.redhat.com/support/errata/RHSA-2007-0960.html
http://www.securityfocus.com/bid/26054
http://www.securitytracker.com/id?1018806
http://www.vupen.com/english/advisories/2007/3479
https://bugzilla.redhat.com/show_bug.cgi?id=319921
https://exchange.xforce.ibmcloud.com/vulnerabilities/37183
https://launchpad.net/bugs/149121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://usn.ubuntu.com/530-1/
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00200.html

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	hp	linux_imaging_and_printing_project	*		Up to (including) 2.7.10
	运行在以下环境
	应用	hp	linux_imaging_and_printing_project	1.0	-
	运行在以下环境
	系统	centos_5	hplip	*		Up to (excluding) 1.6.7-4.1.el5.3
	运行在以下环境
	系统	debian_4.0	hplip	*		Up to (excluding) 1.6.10-3etch1
	运行在以下环境
	系统	debian_5.0	hplip	*		Up to (excluding) 1.6.10-4.2+lenny1
	运行在以下环境
	系统	oracle_5	hplip	*		Up to (excluding) 1.6.7-4.1.el5_0.3

CWE-ID 漏洞类型 CWE-20 输入验证不恰当

hplip - hpssd.py From Address 任意命令执行 (Metasploit)