HP Linux Imaging and Printing Project (hplip) Bug in hpssd Message Parser Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1020683 |
|
SecurityTracker URL: http://securitytracker.com/id/1020683
|
|
CVE Reference:
CVE-2008-2941
(Links to External Site)
|
Date: Aug 12 2008
|
Impact:
Denial of service via local system
|
|
|
Description:
A vulnerability was reported in HP Linux Imaging and Printing Project (hplip). A local user can cause denial of service conditions.
A local user can send specially crafted packets to the hpssd message parser to cause the hpssd process to crash.
The vulnerability resides in 'hpssd.py'.
A demonstration exploit is provided:
msg=0
|
Impact:
A local user can cause the hpssd process to crash.
|
Solution:
No solution was available at the time of this entry.
[Editor's note: It is unclear if the current upstream version is affected.]
|
Vendor URL: hplip.sourceforge.net/ (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 12 Aug 2008 17:27:12 -0400
Subject: hplip
|
A flaw was discovered in the hpssd message parser. By sending
specially-crafted packets, a local attacker could cause a denial of
service, stopping the hpssd process. (CVE-2008-2941)
|
|
