FreeBSD Local Security Checks : FreeBSD Ports: hplip

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61956

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: hplip

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: hplip

CVE-2008-2940
The alert-mailing implementation in HP Linux Imaging and Printing
(HPLIP) 1.6.7 allows local users to gain privileges and send e-mail
messages from the root account via vectors related to the setalerts
message, and lack of validation of the device URI associated with an
event message.

CVE-2008-2941
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing
(HPLIP) 1.6.7 allows local users to cause a denial of service (process
stop) via a crafted packet, as demonstrated by sending 'msg=0' to TCP
port 2207.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2940
1020684
http://securitytracker.com/id?1020684
30683
http://www.securityfocus.com/bid/30683
31470
http://secunia.com/advisories/31470
31499
http://secunia.com/advisories/31499
32316
http://secunia.com/advisories/32316
32792
http://secunia.com/advisories/32792
MDVSA-2008:169
http://www.mandriva.com/security/advisories?name=MDVSA-2008:169
RHSA-2008:0818
http://www.redhat.com/support/errata/RHSA-2008-0818.html
SUSE-SR:2008:021
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
USN-674-1
http://www.ubuntu.com/usn/USN-674-1
USN-674-2
http://www.ubuntu.com/usn/USN-674-2
hplip-alertmailing-privilege-escalation(44441)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44441
https://bugzilla.redhat.com/show_bug.cgi?id=455235
oval:org.mitre.oval:def:10136
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10136
Common Vulnerability Exposure (CVE) ID: CVE-2008-2941
1020683
http://securitytracker.com/id?1020683
hplip-hpssd-dos(44440)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44440
https://bugzilla.redhat.com/show_bug.cgi?id=457052
oval:org.mitre.oval:def:10636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10636

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61956
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: hplip
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: hplip CVE-2008-2940 The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. CVE-2008-2941 The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending 'msg=0' to TCP port 2207. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2940 1020684 http://securitytracker.com/id?1020684 30683 http://www.securityfocus.com/bid/30683 31470 http://secunia.com/advisories/31470 31499 http://secunia.com/advisories/31499 32316 http://secunia.com/advisories/32316 32792 http://secunia.com/advisories/32792 MDVSA-2008:169 http://www.mandriva.com/security/advisories?name=MDVSA-2008:169 RHSA-2008:0818 http://www.redhat.com/support/errata/RHSA-2008-0818.html SUSE-SR:2008:021 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html USN-674-1 http://www.ubuntu.com/usn/USN-674-1 USN-674-2 http://www.ubuntu.com/usn/USN-674-2 hplip-alertmailing-privilege-escalation(44441) https://exchange.xforce.ibmcloud.com/vulnerabilities/44441 https://bugzilla.redhat.com/show_bug.cgi?id=455235 oval:org.mitre.oval:def:10136 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10136 Common Vulnerability Exposure (CVE) ID: CVE-2008-2941 1020683 http://securitytracker.com/id?1020683 hplip-hpssd-dos(44440) https://exchange.xforce.ibmcloud.com/vulnerabilities/44440 https://bugzilla.redhat.com/show_bug.cgi?id=457052 oval:org.mitre.oval:def:10636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10636
Copyright	Copyright (C) 2008 E-Soft Inc.