-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2007.0781 -- [UNIX/Linux][RedHat]
       Important: hplip (Hewlett-Packard Linux Imaging and Printing
                         Project) security update
                              12 October 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              hplip (Hewlett-Packard Linux Imaging and Printing Project)
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux AS/ES/WS 5
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Execute Arbitrary Code/Commands
Access:               Existing Account
CVE Names:            CVE-2007-5208

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0960.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than RedHat. It is recommended that administrators
         running Hewlett-Packard Linux Imaging and Printing Project check
         for an updated version of the software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: hplip security update
Advisory ID:       RHSA-2007:0960-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0960.html
Issue date:        2007-10-11
Updated on:        2007-10-11
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5208 
- - ---------------------------------------------------------------------

1. Summary:

An updated hplip package to correct a security flaw is now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64

3. Problem description:

The hplip (Hewlett-Packard Linux Imaging and Printing Project) package
provides drivers for HP printers and multi-function peripherals.

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user
(CVE-2007-5208). On Red Hat Enterprise Linux 5, the SELinux targeted
policy for hpssd, which is enabled by default, blocks the ability to exploit
this issue to run arbitrary code.

Users of hplip are advised to upgrade to this updated package, which
contains backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

319921 - CVE-2007-5208 hplip arbitrary command execution

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hplip-1.6.7-4.1.el5_0.3.src.rpm
c5f2b2ce887ac95075ba475d45baac01  hplip-1.6.7-4.1.el5_0.3.src.rpm

i386:
4be2c867b1246aeed68d0844596d787c  hpijs-1.6.7-4.1.el5_0.3.i386.rpm
7afd906783f52fe1fa197fc1f3856715  hplip-1.6.7-4.1.el5_0.3.i386.rpm
5742b8afde9f3b3cb0d55c2921ba2e9a  hplip-debuginfo-1.6.7-4.1.el5_0.3.i386.rpm
da6f95abff9164ef5bae0047158c15b0  libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm

x86_64:
747e4df638df0a43104e0836d229d079  hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm
a9eef76431a904c7bc8f306e133e496f  hplip-1.6.7-4.1.el5_0.3.x86_64.rpm
1bbd3357075d96b2ed3d6126a7714032  hplip-debuginfo-1.6.7-4.1.el5_0.3.x86_64.rpm
2b58cb4d8adf686133f691888887cbbf  libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hplip-1.6.7-4.1.el5_0.3.src.rpm
c5f2b2ce887ac95075ba475d45baac01  hplip-1.6.7-4.1.el5_0.3.src.rpm

i386:
4be2c867b1246aeed68d0844596d787c  hpijs-1.6.7-4.1.el5_0.3.i386.rpm
7afd906783f52fe1fa197fc1f3856715  hplip-1.6.7-4.1.el5_0.3.i386.rpm
5742b8afde9f3b3cb0d55c2921ba2e9a  hplip-debuginfo-1.6.7-4.1.el5_0.3.i386.rpm
da6f95abff9164ef5bae0047158c15b0  libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm

ia64:
7cf2ec0558c04de7ee684bb67315a752  hpijs-1.6.7-4.1.el5_0.3.ia64.rpm
f43e3af12f7377c05bf629b6a893ba1d  hplip-1.6.7-4.1.el5_0.3.ia64.rpm
93f88c75d678539ee3a1efdffee5b8eb  hplip-debuginfo-1.6.7-4.1.el5_0.3.ia64.rpm
d40d9655bbb0774cae895de6fd93c63e  libsane-hpaio-1.6.7-4.1.el5_0.3.ia64.rpm

ppc:
4ca6e4a9d3f6abf3d990af0eff16e602  hpijs-1.6.7-4.1.el5_0.3.ppc.rpm
a9793da0ce6476abccdb932bc28807c4  hplip-1.6.7-4.1.el5_0.3.ppc.rpm
b9d06b0bffd5a93252120da08a2691fc  hplip-debuginfo-1.6.7-4.1.el5_0.3.ppc.rpm
d4713ab787b5f3fa636a6a6dc2a27caf  libsane-hpaio-1.6.7-4.1.el5_0.3.ppc.rpm

x86_64:
747e4df638df0a43104e0836d229d079  hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm
a9eef76431a904c7bc8f306e133e496f  hplip-1.6.7-4.1.el5_0.3.x86_64.rpm
1bbd3357075d96b2ed3d6126a7714032  hplip-debuginfo-1.6.7-4.1.el5_0.3.x86_64.rpm
2b58cb4d8adf686133f691888887cbbf  libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
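The following is an added worked example, not part of the Red Hat advisory
or the AusCERT bulletin: a small POSIX shell script that turns sections 3 and
6 into checks an administrator can run after downloading the packages. It
verifies RPMs against the MD5 list above (the i386 lines are copied from
section 6; other architectures can be pasted in the same format), compares
the installed hplip version-release against the fixed 1.6.7-4.1.el5_0.3, and
reports the SELinux mode, since the targeted policy the advisory relies on
only blocks the exploit while SELinux is enforcing (permissive mode logs
denials without blocking). The vercmp helper is a simplified form of rpm's
version comparison (no epoch or tilde handling) and, like every function name
here, is my own; the script assumes a Linux host with awk and GNU coreutils
md5sum, and calls rpm and getenforce only where they exist.

```shell
#!/bin/sh
# Added example (not from the advisory): post-advisory checks for hplip on
# RHEL 5. Assumes POSIX sh, awk and GNU md5sum; rpm/getenforce are optional.

# MD5 lines copied verbatim from section 6 of the advisory (i386 packages).
HPLIP_MD5_MANIFEST='4be2c867b1246aeed68d0844596d787c  hpijs-1.6.7-4.1.el5_0.3.i386.rpm
7afd906783f52fe1fa197fc1f3856715  hplip-1.6.7-4.1.el5_0.3.i386.rpm
5742b8afde9f3b3cb0d55c2921ba2e9a  hplip-debuginfo-1.6.7-4.1.el5_0.3.i386.rpm
da6f95abff9164ef5bae0047158c15b0  libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm'

# Fixed version-release, taken from the package names in the advisory.
HPLIP_FIXED_VR=1.6.7-4.1.el5_0.3

# vercmp A B -> prints -1, 0 or 1. Simplified rpmvercmp (my own helper):
# split into runs of digits and letters, compare numeric runs numerically and
# alpha runs lexically, a numeric run beats an alpha run. No epoch or '~'.
vercmp() {
    awk -v a="$1" -v b="$2" '
    function tokenize(s, t,    i, c, k, kind, cur, n) {
        n = 0; cur = ""; kind = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c ~ /[0-9]/) k = "d"; else if (c ~ /[A-Za-z]/) k = "a"; else k = ""
            if (k == "" || (cur != "" && k != kind)) {
                if (cur != "") t[++n] = cur
                cur = ""
            }
            if (k != "") { cur = cur c; kind = k }
        }
        if (cur != "") t[++n] = cur
        return n
    }
    BEGIN {
        na = tokenize(a, ta); nb = tokenize(b, tb)
        for (i = 1; i <= na && i <= nb; i++) {
            x = ta[i]; y = tb[i]
            xd = (x ~ /^[0-9]+$/); yd = (y ~ /^[0-9]+$/)
            if (xd && yd) {
                if (x + 0 != y + 0) { r = (x + 0 < y + 0) ? -1 : 1; print r; exit }
            } else if (xd != yd) { r = xd ? 1 : -1; print r; exit }
            else if (x != y) { r = (x < y) ? -1 : 1; print r; exit }
        }
        r = (na == nb) ? 0 : ((na < nb) ? -1 : 1)
        print r
    }'
}

# is_patched INSTALLED_VR [FIXED_VR] -> 0 when installed is at or past the fix.
is_patched() {
    [ "$(vercmp "$1" "${2:-$HPLIP_FIXED_VR}")" -ge 0 ]
}

# verify_manifest DIR MANIFEST -> 0 if every listed file present in DIR has
# the expected MD5, 1 if any present file mismatches. Missing files are
# reported but do not fail the check (you may only have downloaded one arch).
verify_manifest() {
    dir=$1; rc=0
    while read -r expected name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            continue
        fi
        actual=$(md5sum "$dir/$name" | awk '{print $1}')
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $actual, want $expected)"
            rc=1
        fi
    done <<EOF
$2
EOF
    return $rc
}

# host_checks [RPM...]: installed version, package signatures and the SELinux
# mode the advisory's mitigation depends on. Skips tools that are absent.
host_checks() {
    if command -v rpm >/dev/null 2>&1; then
        vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' hplip 2>/dev/null) || vr=""
        if [ -n "$vr" ] && is_patched "$vr"; then
            echo "hplip $vr: at or past $HPLIP_FIXED_VR"
        else
            echo "hplip ${vr:-not installed}: NOT at $HPLIP_FIXED_VR"
        fi
        for f in "$@"; do rpm --checksig "$f"; done   # needs Red Hat key imported
    fi
    if command -v getenforce >/dev/null 2>&1; then
        echo "SELinux: $(getenforce)"   # mitigation applies only when Enforcing
    fi
}

# Usage: sh hplip_checks.sh --run /path/to/downloads/*.rpm
if [ "${1:-}" = "--run" ]; then
    shift
    verify_manifest "$(dirname "${1:-.}")" "$HPLIP_MD5_MANIFEST"
    host_checks "$@"
fi
```

On GNU coreutils 8.25 or later the advisory's checksum lines can also be fed
straight to `md5sum -c --ignore-missing` from the download directory; the
script above does the same thing portably and adds the version and SELinux
checks. `rpm --checksig` reports `gpg OK` only after the Red Hat
package-signing key referenced above has been added with `rpm --import`.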

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHDmrcXlSAg2UNWIIRAv3gAJ9lilA7doBsplxy2WXbHIHSnYvc+gCgoRQF
m1qAthSbglekmykuzjq8t50=
=Q+AF
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRw6+xSh9+71yA2DNAQLoxAP+P5nuohWJfVGkgUVNHSEwxizCjYTvroe1
Pr00SuvUxcLHJ/NSTnLVnhtbX7Xo/grY6vl5vEjNPm+rqkpUXIQ3KXYmpbjnt/m2
eMXdNHwE3kmZAMsFp3k64YWblstwOIQ0banDTupgLmyO4LN1UTGy/FloGLKWX52Q
WZ666i4gwlg=
=pUtZ
-----END PGP SIGNATURE-----