CVE-2008-2940/-2941: security issues in hplip

Debian Bug report logs - #499842
CVE-2008-2940/-2941: security issues in hplip

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>

To: submit@bugs.debian.org

Subject: CVE-2008-2940/-2941: security issues in hplip

Date: Tue, 23 Sep 2008 00:11:27 +0200

Package: hplip
Version: 1.6.10-3
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for hplip.

CVE-2008-2940[0]:
| The alert-mailing implementation in HP Linux Imaging and Printing
| (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail
| messages from the root account via vectors related to the setalerts
| message, and lack of validation of the device URI associated with an
| event message.

CVE-2008-2941[1]:
| The hpssd message parser in hpssd.py in HP Linux Imaging and
| Printing (HPLIP) 1.6.7 allows local users to cause a denial of
| service (process stop) via a crafted packet, as demonstrated by
| sending "msg=0" to TCP port 2207.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
    http://security-tracker.debian.net/tracker/CVE-2008-2940
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941
    http://security-tracker.debian.net/tracker/CVE-2008-2941

Message #10 received at 499842@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>

To: 499842@bugs.debian.org

Cc: control@bugs.debian.org

Subject: CVE-2008-2940/-2941: security issues in hplip

Date: Fri, 3 Oct 2008 20:40:29 +0200

fixed 499842 2.8.6-1
thanks

Both issues affect 1.6.10-3etch4 in etch.

Of the three patches, this one

https://bugzilla.redhat.com/attachment.cgi?id=312880

introduces a new config file /etc/hp/alerts.conf . I am not sure if 
this is good for a stable security update, but it may be ok if the 
feature is nearly never used. Maybe the maintainer could comment?


The code in lenny (2.8.6) is quite different. AFAICS, hpssd does not 
open any listening socket anymore so CVE-2008-2941 is not an issue. 
And the alert email code seems to be commented out, therefore 
CVE-2008-2940 is also an non-issue.

Message #17 received at 499842-submitter@bugs.debian.org (full text, mbox, reply):

From: Mark Purcell <msp@debian.org>

To: control@bugs.debian.org

Cc: 499842-submitter@bugs.debian.org

Subject: bug 499842 is forwarded to https://bugs.launchpad.net/hplip/+bug/273370

Date: Sat, 04 Oct 2008 09:53:40 +1000

forwarded 499842 https://bugs.launchpad.net/hplip/+bug/273370

Message #36 received at 499842-done@bugs.debian.org (full text, mbox, reply):

From: Mark Purcell <msp@debian.org>

To: 499842-done@bugs.debian.org

Subject: Fwd: Bug#499842: CVE-2008-2940/-2941: security issues in hplip

Date: Fri, 21 May 2010 17:48:14 +1000

[Message part 1 (text/plain, inline)]

Package: hplip
Version: 2.8.6-1

----------  Forwarded Message  ----------

Subject: Bug#499842: CVE-2008-2940/-2941: security issues in hplip
Date: Saturday 04 October 2008, 04:40:29
From: Stefan Fritsch <sf@sfritsch.de>
To: 499842@bugs.debian.org
CC: control@bugs.debian.org

fixed 499842 2.8.6-1
thanks

Both issues affect 1.6.10-3etch4 in etch.

Of the three patches, this one

https://bugzilla.redhat.com/attachment.cgi?id=312880

introduces a new config file /etc/hp/alerts.conf . I am not sure if 
this is good for a stable security update, but it may be ok if the 
feature is nearly never used. Maybe the maintainer could comment?


The code in lenny (2.8.6) is quite different. AFAICS, hpssd does not 
open any listening socket anymore so CVE-2008-2941 is not an issue. 
And the alert email code seems to be commented out, therefore 
CVE-2008-2940 is also an non-issue.





-----------------------------------------

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.