Lucene search
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2007-2527.NASLHistoryNov 06, 2007 - 12:00 a.m.
Fedora 7 : hplip-1.7.4a-6.fc7 (2007-2527)
2007-11-0600:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
7.6 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.223 Low
EPSS
Percentile
96.5%
This update fixes a vulnerability in the hpssd daemon.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-2527.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(27776);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2007-5208");
script_bugtraq_id(26054);
script_xref(name:"FEDORA", value:"2007-2527");
script_name(english:"Fedora 7 : hplip-1.7.4a-6.fc7 (2007-2527)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes a vulnerability in the hpssd daemon.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=329111"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004170.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?830d7ca8"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'HPLIP hpssd.py From Address Arbitrary Command Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_cwe_id(20);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:hpijs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:hplip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:hplip-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:hplip-gui");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libsane-hpaio");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
script_set_attribute(attribute:"patch_publication_date", value:"2007/10/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC7", reference:"hpijs-1.7.4a-6.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"hplip-1.7.4a-6.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"hplip-debuginfo-1.7.4a-6.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"hplip-gui-1.7.4a-6.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"libsane-hpaio-1.7.4a-6.fc7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "hpijs / hplip / hplip-debuginfo / hplip-gui / libsane-hpaio");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | libsane-hpaio | p-cpe:/a:fedoraproject:fedora:libsane-hpaio |
| fedoraproject | fedora | 7 | cpe:/o:fedoraproject:fedora:7 |
| fedoraproject | fedora | hpijs | p-cpe:/a:fedoraproject:fedora:hpijs |
| fedoraproject | fedora | hplip | p-cpe:/a:fedoraproject:fedora:hplip |
| fedoraproject | fedora | hplip-debuginfo | p-cpe:/a:fedoraproject:fedora:hplip-debuginfo |
| fedoraproject | fedora | hplip-gui | p-cpe:/a:fedoraproject:fedora:hplip-gui |
Related
openvas
openvas
Fedora Update for hplip FEDORA-2007-2527
2009-02-27 00:00:00
Ubuntu: Security Advisory (USN-530-1)
2009-03-23 00:00:00
SLES10: Security update for hplip17 and hplip17-hpijs
2009-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: hplip-1.7.4a-6.fc7
2007-10-12 20:02:57
[SECURITY] Fedora Core 6 Update: hplip-1.7.4a-3.fc6
2007-10-15 20:03:24
cve
cve
CVE-2007-5208
2007-10-13 00:17:00
nessus
nessus
Ubuntu 6.10 / 7.04 : hplip vulnerability (USN-530-1)
2007-11-10 00:00:00
CentOS 5 : hplip (CESA-2007:0960)
2010-01-06 00:00:00
openSUSE 10 Security Update : hplip (hplip-4516)
2007-10-17 00:00:00
packetstorm
packetstorm
hplip hpssd.py From Address Arbitrary Command Execution
2010-02-17 00:00:00
redhat
redhat
(RHSA-2007:0960) Important: hplip security update
2007-10-11 00:00:00
securityvulns
securityvulns
hplip shell characteres
2007-10-13 00:00:00
[USN-530-1] hplip vulnerability
2007-10-13 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_HPLIP
2007-10-13 00:17:00
osv
osv
hplip - missing input sanitising
2008-01-13 00:00:00
gentoo
gentoo
HPLIP: Privilege escalation
2007-10-24 00:00:00
prion
prion
Hardcoded credentials
2007-10-13 00:17:00
oraclelinux
oraclelinux
Important: hplip security update
2007-10-11 00:00:00
centos
centos
hpijs, hplip, libsane security update
2007-10-14 00:22:44
debian
debian
[SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation
2008-01-13 17:14:11
ubuntu
ubuntu
hplip vulnerability
2007-10-12 00:00:00
debiancve
debiancve
CVE-2007-5208
2007-10-13 00:17:00
nvd
nvd
CVE-2007-5208
2007-10-13 00:17:00
cvelist
cvelist
CVE-2007-5208
2007-10-13 00:00:00
ubuntucve
ubuntucve
CVE-2007-5208
2007-10-13 00:00:00
7.6 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.223 Low
EPSS
Percentile
96.5%
Related for FEDORA_2007-2527.NASL