APP: HP Linux Imaging and Printing System HSSPD.PY Vulnerability
This signature detects attempts to exploit a known vulnerability against HP Linux Imaging and Printing System. Versions 2.7.9 and below are vulnerable. A successful attack can allow attackers to inject commands onto the target system.
Extended Description
HP Linux Imaging and Printing System (HPLIP) is prone to an arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers. NOTE: By default the application's 'hpssd' daemon listens only on localhost, but it can be configured (via /etc/hp/hplip.conf) to listen to remote requests as well. HPLIP versions in the 1.0 and 2.0 series are vulnerable.
Affected Products
Hp linux_imaging_and_printing_system
Short Name
APP:HP-LIPS-HSSPD
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2007-5208 HP HSSPD.PY Imaging Linux Printing System Vulnerability and bid:26054
Release Date
12/17/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/2207
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Hp
Ubuntu
Mandriva
Debian
CVSS Score
7.6