Debian Bug report logs -
#447341
CVE-2007-5208 arbitrary command execution via unfiltered from address
Reported by: Nico Golde <nion@debian.org>
Date: Sat, 20 Oct 2007 10:00:02 UTC
Severity: grave
Tags: patch, security
Found in version hplip/1.6.10-3
Fixed in versions hplip/1.6.10-4.3, hplip/1.6.10-4.2+lenny1, 1.6.10-4.2+lenny1, 1.6.10-4.3, 1.6.12-1
Done: Moritz Muehlenhoff <jmm@inutil.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Henrique de Moraes Holschuh <hmh@debian.org>:
Bug#447341; Package hplip.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Henrique de Moraes Holschuh <hmh@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: hplip
Version: 1.6.10-3
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for hplip.
CVE-2007-5208[0]:
| hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip)
| 1.x and 2.x before 2.7.10 allows context-dependent attackers to
| execute arbitrary commands via shell metacharacters in a from address,
| which is not properly handled when invoking sendmail.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
You can find a patch on:
http://launchpadlibrarian.net/9737865/90_subprocess_replacement.dpatch
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Henrique de Moraes Holschuh <hmh@debian.org>:
Bug#447341; Package hplip.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Henrique de Moraes Holschuh <hmh@debian.org>.
(full text, mbox, link).
Message #10 received at 447341@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
attached is a patch for an NMU which should fix this
vulnerability.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/hplip-1.6.10-4.2_1.6.10-4.3.patch
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[hplip-1.6.10-4.2_1.6.10-4.3.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Henrique de Moraes Holschuh <hmh@debian.org>:
Bug#447341; Package hplip.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Henrique de Moraes Holschuh <hmh@debian.org>.
(full text, mbox, link).
Message #15 received at 447341@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
uploading now with permission of Henrique.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #20 received at 447341-close@bugs.debian.org (full text, mbox, reply):
Source: hplip
Source-Version: 1.6.10-4.3
We believe that the bug you reported is fixed in the latest version of
hplip, which is due to be installed in the Debian FTP archive:
hpijs-ppds_2.6.10+1.6.10-4.3_all.deb
to pool/main/h/hplip/hpijs-ppds_2.6.10+1.6.10-4.3_all.deb
hpijs_2.6.10+1.6.10-4.3_i386.deb
to pool/main/h/hplip/hpijs_2.6.10+1.6.10-4.3_i386.deb
hplip-data_1.6.10-4.3_all.deb
to pool/main/h/hplip/hplip-data_1.6.10-4.3_all.deb
hplip-dbg_1.6.10-4.3_i386.deb
to pool/main/h/hplip/hplip-dbg_1.6.10-4.3_i386.deb
hplip-doc_1.6.10-4.3_all.deb
to pool/main/h/hplip/hplip-doc_1.6.10-4.3_all.deb
hplip_1.6.10-4.3.diff.gz
to pool/main/h/hplip/hplip_1.6.10-4.3.diff.gz
hplip_1.6.10-4.3.dsc
to pool/main/h/hplip/hplip_1.6.10-4.3.dsc
hplip_1.6.10-4.3_i386.deb
to pool/main/h/hplip/hplip_1.6.10-4.3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 447341@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated hplip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 22 Oct 2007 10:31:55 +0200
Source: hplip
Binary: hpijs hplip-data hpijs-ppds hplip hplip-doc hplip-dbg
Architecture: source all i386
Version: 1.6.10-4.3
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
hpijs - HP Linux Printing and Imaging - gs IJS driver (hpijs)
hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
hplip - HP Linux Printing and Imaging System (HPLIP)
hplip-data - HP Linux Printing and Imaging - data files
hplip-dbg - HP Linux Printing and Imaging - debugging information
hplip-doc - HP Linux Printing and Imaging - documentation
Closes: 447341
Changes:
hplip (1.6.10-4.3) unstable; urgency=high
.
* Non-maintainer upload by testing security team.
* Included CVE-2007-5208.dpatch to fix
arbitrary command execution in hpssd via crafted from address
because of missing sanitization (CVE-2007-5208) (Closes: #447341).
Files:
094ed210c3e1374d2c9e068c641a00ee 887 utils optional hplip_1.6.10-4.3.dsc
b2651411d5f37b2bd99337546990dd1e 257667 utils optional hplip_1.6.10-4.3.diff.gz
f40a568a2e2f3c7a1654d0474261d78a 1770786 utils optional hpijs-ppds_2.6.10+1.6.10-4.3_all.deb
c11cd71b7be641a405a5e7ca4995f5bc 6293596 utils optional hplip-data_1.6.10-4.3_all.deb
2a3dbd90fdf501de5dcd0811bc8329cd 1620382 doc optional hplip-doc_1.6.10-4.3_all.deb
ad73bce3e5307892ea791e6210a953a2 345666 text optional hpijs_2.6.10+1.6.10-4.3_i386.deb
183ce57f0381efe640450d0283e8a5c0 567272 utils optional hplip_1.6.10-4.3_i386.deb
cfe0d661472fb502b0e2539c054e47c3 820162 utils extra hplip-dbg_1.6.10-4.3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHHgdeHYflSXNkfP8RAmDiAKCREhxx6FS741kRH5JJBWnJLz3rcwCfSiwv
NL4m5BK9IPeHTjTNZ90rQd0=
=6B1e
-----END PGP SIGNATURE-----
Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #25 received at 447341-close@bugs.debian.org (full text, mbox, reply):
Source: hplip
Source-Version: 1.6.10-4.2+lenny1
We believe that the bug you reported is fixed in the latest version of
hplip, which is due to be installed in the Debian FTP archive:
hpijs-ppds_2.6.10+1.6.10-4.2+lenny1_all.deb
to pool/main/h/hplip/hpijs-ppds_2.6.10+1.6.10-4.2+lenny1_all.deb
hpijs_2.6.10+1.6.10-4.2+lenny1_i386.deb
to pool/main/h/hplip/hpijs_2.6.10+1.6.10-4.2+lenny1_i386.deb
hplip-data_1.6.10-4.2+lenny1_all.deb
to pool/main/h/hplip/hplip-data_1.6.10-4.2+lenny1_all.deb
hplip-dbg_1.6.10-4.2+lenny1_i386.deb
to pool/main/h/hplip/hplip-dbg_1.6.10-4.2+lenny1_i386.deb
hplip-doc_1.6.10-4.2+lenny1_all.deb
to pool/main/h/hplip/hplip-doc_1.6.10-4.2+lenny1_all.deb
hplip_1.6.10-4.2+lenny1.diff.gz
to pool/main/h/hplip/hplip_1.6.10-4.2+lenny1.diff.gz
hplip_1.6.10-4.2+lenny1.dsc
to pool/main/h/hplip/hplip_1.6.10-4.2+lenny1.dsc
hplip_1.6.10-4.2+lenny1_i386.deb
to pool/main/h/hplip/hplip_1.6.10-4.2+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 447341@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated hplip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 22 Oct 2007 10:31:55 +0200
Source: hplip
Binary: hpijs hplip-data hpijs-ppds hplip hplip-doc hplip-dbg
Architecture: source all i386
Version: 1.6.10-4.2+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
hpijs - HP Linux Printing and Imaging - gs IJS driver (hpijs)
hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
hplip - HP Linux Printing and Imaging System (HPLIP)
hplip-data - HP Linux Printing and Imaging - data files
hplip-dbg - HP Linux Printing and Imaging - debugging information
hplip-doc - HP Linux Printing and Imaging - documentation
Closes: 447341
Changes:
hplip (1.6.10-4.2+lenny1) testing-security; urgency=high
.
* Non-maintainer upload by testing security team.
* Included CVE-2007-5208.dpatch to fix
arbitrary command execution in hpssd via crafted from address
because of missing sanitization (CVE-2007-5208) (Closes: #447341).
Files:
96b66cfec0be1cd061bc03f47da0862f 901 utils optional hplip_1.6.10-4.2+lenny1.dsc
01519018343978776fe4acfbdb7cb6df 10561620 utils optional hplip_1.6.10.orig.tar.gz
4a5ebc1dcba8eb3db1439af713b17571 251716 utils optional hplip_1.6.10-4.2+lenny1.diff.gz
aeac225ba4b17f030dd5d03cf1e2a892 1759584 utils optional hpijs-ppds_2.6.10+1.6.10-4.2+lenny1_all.deb
0d068c678b8735d51ecdcb89a6198ccf 6294014 utils optional hplip-data_1.6.10-4.2+lenny1_all.deb
0bf977ecd2e7d7205060c1a7dcee629d 1617880 doc optional hplip-doc_1.6.10-4.2+lenny1_all.deb
774656e689b1ae916bf8a95effbc1ff6 345310 text optional hpijs_2.6.10+1.6.10-4.2+lenny1_i386.deb
8a7bac4f58cc2517d84c26faab97c29b 568794 utils optional hplip_1.6.10-4.2+lenny1_i386.deb
37d107e3515900d52ce981bc6e5e6200 821722 utils extra hplip-dbg_1.6.10-4.2+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHIHyNHYflSXNkfP8RAr9fAJ9sjeonLJI4TvZnWUrHbNzEEwnYpgCgpQGE
XrIDdX3JiboV8Hf7iNPO1nI=
=/z43
-----END PGP SIGNATURE-----
Reply sent to Mark Purcell <msp@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #30 received at 447341-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 1.6.10-4.2+lenny1
[signature.asc (application/pgp-signature, inline)]
Message #31 received at 447341-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version 1.6.12-1
[signature.asc (application/pgp-signature, inline)]
Reply sent to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #36 received at 447341-done@bugs.debian.org (full text, mbox, reply):
Version: 1.6.10-4.3
On Sat, Oct 20, 2007 at 11:58:37AM +0200, Nico Golde wrote:
> Package: hplip
> Version: 1.6.10-3
> Severity: grave
> Tags: security patch
Closing versioned against the fix uploaded to sid some time ago,
since this still showed up at bts.turmzimmer.net
Cheers,
Moritz
Bug marked as fixed in version 1.6.12-1.
Request was from Mark Purcell <msp@debian.org>
to control@bugs.debian.org.
(Thu, 03 Jul 2008 08:30:03 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 16 Feb 2009 08:07:18 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:56:30 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon