FrSIRT - Fedora Security Update Fixes HPLIP Local Code Injection Vulnerbility / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes HPLIP Local Code Injection Vulnerbility

Title : Fedora Security Update Fixes HPLIP Local Code Injection Vulnerbility
Advisory ID : FrSIRT/ADV-2007-3499
CVE ID : CVE-2007-5208
Rated as : Moderate Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-10-15

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by local attackers to obtain elevated privileges [...]

Solution

Upgrade the affected packages :

2c6dafcf59ea6ad25e4b0f21824e272e15eac490 hplip-gui-1.7.4a-6.fc7.ppc64.rpm
c63a95a36a63c5e67d2e3ae582d6d3390244ab57 hplip-1.7.4a-6.fc7.ppc64.rpm
918acf9691c65c7fb3338719b3ea18b9ec772aef hpijs-1.7.4a-6.fc7.ppc64.rpm
6cbb7cfb4a75f71cdaf8d8ffb286b405e02eecbe hplip-debuginfo-1.7.4a-6.fc7.ppc64.rpm
c1aa00429151f0abd474c7fc769522c973012c5b libsane-hpaio-1.7.4a-6.fc7.ppc64.rpm
6e5d32d1e1166567063137c0a1c0d480cc95b8a0 hplip-1.7.4a-6.fc7.i386.rpm
be5b515d659ca4f2b5f88797afd0676368475d1f hplip-debuginfo-1.7.4a-6.fc7.i386.rpm
924ba1bbe5bbf05e336dbb51062ee277b6c9ead4 libsane-hpaio-1.7.4a-6.fc7.i386.rpm
0c651369df8ab3007999a8b909f3ec447e5718a6 hpijs-1.7.4a-6.fc7.i386.rpm
48551d094070e7efd09fc2bb5d95a0166828187c hplip-gui-1.7.4a-6.fc7.i386.rpm
438742d2769d09d660a06244cdbbc072afbcc22f hplip-gui-1.7.4a-6.fc7.x86_64.rpm
d6fad1250fa848d942d515eb83ca2eba338e1eb2 hplip-1.7.4a-6.fc7.x86_64.rpm
2523f339146023931ca41814ed0fbce16af38ef8 libsane-hpaio-1.7.4a-6.fc7.x86_64.rpm
f96a70070bfc770d82dfccbd9a846ad297972de7 hpijs-1.7.4a-6.fc7.x86_64.rpm
19e9c272ad2755db6a52edc468f2faefa840824d hplip-debuginfo-1.7.4a-6.fc7.x86_64.rpm
d3dc4e6e0ebe963da2e7976e8d081be0197bec1d hpijs-1.7.4a-6.fc7.ppc.rpm
19616ca728fb8c046f94d07c9bff4a02ddb84014 hplip-debuginfo-1.7.4a-6.fc7.ppc.rpm
69951042bee9eaf0f47780386ed4deefc4108030 libsane-hpaio-1.7.4a-6.fc7.ppc.rpm
435b50f8d634bd624d3c8a6b3abb99d5249ec8ee hplip-gui-1.7.4a-6.fc7.ppc.rpm
cb3a3e72f73822cb0d6f107ce22a6bad4daf1bb1 hplip-1.7.4a-6.fc7.ppc.rpm
28dbfa04f0b01e31420d9dd075b5ab5b80ed724b hplip-1.7.4a-6.fc7.src.rpm

ChangeLog

2007-10-15 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)
	Microsoft Outlook and Mail Security Bypass Vulnerability (MS08-048)
	Microsoft Windows IPsec Policy Data Disclosure Vulnerability (MS08-047)
	Microsoft Windows MSCMS Code Execution Vulnerability (MS08-046)

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability