Vulnerability Details : CVE-2007-5208
Public exploit exists!
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2007-5208
Probability of exploitation activity in the next 30 days: 22.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2007-5208
-
HPLIP hpssd.py From Address Arbitrary Command Execution
Disclosure Date: 2007-10-04First seen: 2020-04-26exploit/linux/misc/hplip_hpssd_execThis module exploits a command execution vulnerable in the hpssd.py daemon of the Hewlett-Packard Linux Imaging and Printing Project. According to MITRE, versions 1.x and 2.x before 2.7.10 are vulnerable. This module was written and tested using the Fedora 6 Linux
CVSS scores for CVE-2007-5208
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST |
CWE ids for CVE-2007-5208
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5208
-
https://usn.ubuntu.com/530-1/
-
http://qa.mandriva.com/show_bug.cgi?id=30719
-
http://www.securityfocus.com/bid/26054
HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
-
http://bugs.gentoo.org/show_bug.cgi?id=195565
-
http://www.securitytracker.com/id?1018806
-
http://security.gentoo.org/glsa/glsa-200710-26.xml
-
https://launchpad.net/bugs/149121
-
http://www.debian.org/security/2008/dsa-1462
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10692
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/37183
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
-
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00200.html
-
http://www.vupen.com/english/advisories/2007/3479
-
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:201
-
https://bugzilla.redhat.com/show_bug.cgi?id=319921
319921 – (CVE-2007-5208) CVE-2007-5208 hplip arbitrary command execution
-
http://www.redhat.com/support/errata/RHSA-2007-0960.html
Patch;Vendor Advisory
Products affected by CVE-2007-5208
- cpe:2.3:a:hp:linux_imaging_and_printing_project:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:1.0:*:*:*:*:*:*:*