[vuxml] print/hplip: document CVE-2008-2940 and CVE-2008-2941
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Sun Nov 23 10:44:53 PST 2008
>Submitter-Id: current-users
>Originator: Eygene Ryabinkin
>Organization: Code Labs
>Confidential: no
>Synopsis: [vuxml] print/hplip: document CVE-2008-2940 and CVE-2008-2941
>Severity: serious
>Priority: high
>Category: ports
>Class: sw-bug
>Release: FreeBSD 7.1-PRERELEASE i386
>Environment:
System: FreeBSD 7.1-PRERELEASE i386
>Description:
Multiple vulnerabilities were discovered in the hplip 1.6.7 [1]. I had
analyzed RedHat patches [2] and [3]: first two (CVE-2008-2940) apply
"as-is" to FreeBSD's port (2.8.2_2) and the second one (CVE-2008-2941)
contains many fixes to the code that exists in 2.8.2_2 too. So, I am
counting current FreeBSD port as vulnerable to both attacks. Moreover,
I had traced the vulnerabilities through the release sources: proper
device_uri handling was introduced in 2.8.4 and parser fragility in
hpssd.py was eliminated in the same version, because hpssd was converted
to a systray application. So, 2.8.4 and higher should not be vulnerable
to the described attacks.
[1] http://www.securityfocus.com/bid/30683
[2] https://bugzilla.redhat.com/show_bug.cgi?id=455235
[3] https://bugzilla.redhat.com/show_bug.cgi?id=457052
>How-To-Repeat:
Look at the above references.
>Fix:
The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="">
<topic>hplip -- multiple vulnerabilities in hpssd component</topic>
<affects>
<package>
<name>hplip</name>
<range><lt>2.8.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus database says:</p>
<blockquote cite="http://www.securityfocus.com/bid/30683/discuss">
<p>HP Linux Imaging and Printing System (HPLIP) is prone
to multiple vulnerabilities, including privilege-escalation
and denial-of-service issues.</p>
<p>Exploiting the privilege-escalation vulnerability may
allow attackers to perform certain actions with elevated
privileges. Successful exploits of the denial-of-service
issue will cause the 'hpssd' process to crash, denying
service to legitimate users.</p>
<p>These issues affect HPLIP 1.6.7; other versions may also
be affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-2940</cvename>
<cvename>CVE-2008-2941</cvename>
<bid>30683</bid>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=457052</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=455235</url>
</references>
<dates>
<discovery>2008-08-12</discovery>
</dates>
</vuln>
--- vuln.xml ends here ---
More information about the freebsd-security
mailing list