Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2007-201.NASL
HistoryOct 25, 2007 - 12:00 a.m.

Mandrake Linux Security Advisory : hplip (MDKSA-2007:201)

2007-10-2500:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
13

7.6 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.223 Low

EPSS

Percentile

96.5%

JSON

A vulnerability in the hpssd tool was discovered where it did not correctly handle shell meta-characters. A local attacker could use this flaw to execute arbitrary commands as the hplip user.

As well, this update fixes a problem with some HP scanners on Mandriva Linux 2007.1, particularly HP PSC 1315, which wouldn’t be detected and also fixes a problem with HP 1220 and possibly other models when scanning via the OpenOffice.org suite.

Updated packages have been patched to prevent these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2007:201. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27562);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-5208");
  script_xref(name:"MDKSA", value:"2007:201");

  script_name(english:"Mandrake Linux Security Advisory : hplip (MDKSA-2007:201)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability in the hpssd tool was discovered where it did not
correctly handle shell meta-characters. A local attacker could use
this flaw to execute arbitrary commands as the hplip user.

As well, this update fixes a problem with some HP scanners on Mandriva
Linux 2007.1, particularly HP PSC 1315, which wouldn't be detected and
also fixes a problem with HP 1220 and possibly other models when
scanning via the OpenOffice.org suite.

Updated packages have been patched to prevent these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'HPLIP hpssd.py From Address Arbitrary Command Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hplip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hplip-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hplip-hpijs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hplip-hpijs-ppds");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:hplip-model-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64hpip0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64hpip0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sane-hpaio1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libhpip0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libhpip0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsane-hpaio1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/10/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.0", reference:"hplip-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"hplip-hpijs-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"hplip-hpijs-ppds-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"hplip-model-data-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64hpip0-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64hpip0-devel-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64sane-hpaio1-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libhpip0-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libhpip0-devel-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libsane-hpaio1-1.6.9-1.1mdv2007.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2007.1", reference:"hplip-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"hplip-doc-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"hplip-hpijs-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"hplip-hpijs-ppds-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"hplip-model-data-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64hpip0-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64hpip0-devel-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64sane-hpaio1-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libhpip0-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libhpip0-devel-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libsane-hpaio1-2.7.7-7.1mdv2007.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.0", reference:"hplip-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"hplip-doc-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"hplip-hpijs-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"hplip-hpijs-ppds-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"hplip-model-data-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64hpip0-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64hpip0-devel-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64sane-hpaio1-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libhpip0-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libhpip0-devel-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libsane-hpaio1-2.7.7-8.1mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxhplipp-cpe:/a:mandriva:linux:hplip
mandrivalinuxhplip-docp-cpe:/a:mandriva:linux:hplip-doc
mandrivalinuxhplip-hpijsp-cpe:/a:mandriva:linux:hplip-hpijs
mandrivalinuxhplip-hpijs-ppdsp-cpe:/a:mandriva:linux:hplip-hpijs-ppds
mandrivalinuxhplip-model-datap-cpe:/a:mandriva:linux:hplip-model-data
mandrivalinuxlib64hpip0p-cpe:/a:mandriva:linux:lib64hpip0
mandrivalinuxlib64hpip0-develp-cpe:/a:mandriva:linux:lib64hpip0-devel
mandrivalinuxlib64sane-hpaio1p-cpe:/a:mandriva:linux:lib64sane-hpaio1
mandrivalinuxlibhpip0p-cpe:/a:mandriva:linux:libhpip0
mandrivalinuxlibhpip0-develp-cpe:/a:mandriva:linux:libhpip0-devel
Rows per page:
1-10 of 141

Related

openvas 15
fedora 2
cve 1
nessus 11
packetstorm 1
redhat 1
securityvulns 2
d2 1
osv 1
gentoo 1
prion 1
oraclelinux 1
centos 1
debian 1
ubuntu 1
debiancve 1
nvd 1
cvelist 1
ubuntucve 1
openvas
openvas
Fedora Update for hplip FEDORA-2007-2527
2009-02-27 00:00:00
Ubuntu: Security Advisory (USN-530-1)
2009-03-23 00:00:00
SLES10: Security update for hplip17 and hplip17-hpijs
2009-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: hplip-1.7.4a-6.fc7
2007-10-12 20:02:57
[SECURITY] Fedora Core 6 Update: hplip-1.7.4a-3.fc6
2007-10-15 20:03:24
cve
cve
CVE-2007-5208
2007-10-13 00:17:00
nessus
nessus
Ubuntu 6.10 / 7.04 : hplip vulnerability (USN-530-1)
2007-11-10 00:00:00
CentOS 5 : hplip (CESA-2007:0960)
2010-01-06 00:00:00
openSUSE 10 Security Update : hplip (hplip-4516)
2007-10-17 00:00:00
packetstorm
packetstorm
hplip hpssd.py From Address Arbitrary Command Execution
2010-02-17 00:00:00
redhat
redhat
(RHSA-2007:0960) Important: hplip security update
2007-10-11 00:00:00
securityvulns
securityvulns
hplip shell characteres
2007-10-13 00:00:00
[USN-530-1] hplip vulnerability
2007-10-13 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_HPLIP
2007-10-13 00:17:00
osv
osv
hplip - missing input sanitising
2008-01-13 00:00:00
gentoo
gentoo
HPLIP: Privilege escalation
2007-10-24 00:00:00
prion
prion
Hardcoded credentials
2007-10-13 00:17:00
oraclelinux
oraclelinux
Important: hplip security update
2007-10-11 00:00:00
centos
centos
hpijs, hplip, libsane security update
2007-10-14 00:22:44
debian
debian
[SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation
2008-01-13 17:14:11
ubuntu
ubuntu
hplip vulnerability
2007-10-12 00:00:00
debiancve
debiancve
CVE-2007-5208
2007-10-13 00:17:00
nvd
nvd
CVE-2007-5208
2007-10-13 00:17:00
cvelist
cvelist
CVE-2007-5208
2007-10-13 00:00:00
ubuntucve
ubuntucve
CVE-2007-5208
2007-10-13 00:00:00

7.6 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.223 Low

EPSS

Percentile

96.5%

JSON
Related for MANDRAKE_MDKSA-2007-201.NASL
openvas15fedora2cve1nessus11packetstorm1redhat1securityvulns2d21osv1gentoo1prion1oraclelinux1centos1debian1ubuntu1debiancve1nvd1cvelist1ubuntucve1