CVE - CVE-2007-5208

CVE-ID
CVE-2007-5208	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:26054 URL:http://www.securityfocus.com/bid/26054 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=195565 CONFIRM:~~http://qa.mandriva.com/show_bug.cgi?id=30719~~ (Obsolete source) CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=319921 DEBIAN:DSA-1462 URL:http://www.debian.org/security/2008/dsa-1462 FEDORA:FEDORA-2007-2527 URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00200.html GENTOO:GLSA-200710-26 URL:http://security.gentoo.org/glsa/glsa-200710-26.xml MANDRIVA:MDKSA-2007:201 URL:~~http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:201~~ (Obsolete source) MISC:https://launchpad.net/bugs/149121 OVAL:oval:org.mitre.oval:def:10692 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10692 REDHAT:RHSA-2007:0960 URL:http://www.redhat.com/support/errata/RHSA-2007-0960.html SECTRACK:1018806 URL:http://www.securitytracker.com/id?1018806 SECUNIA:27202 URL:http://secunia.com/advisories/27202 SECUNIA:27221 URL:http://secunia.com/advisories/27221 SECUNIA:27224 URL:http://secunia.com/advisories/27224 SECUNIA:27232 URL:http://secunia.com/advisories/27232 SECUNIA:27271 URL:http://secunia.com/advisories/27271 SECUNIA:27332 URL:http://secunia.com/advisories/27332 SECUNIA:27397 URL:http://secunia.com/advisories/27397 SECUNIA:28453 URL:http://secunia.com/advisories/28453 SUSE:SUSE-SR:2007:021 URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html UBUNTU:USN-530-1 URL:https://usn.ubuntu.com/530-1/ VUPEN:ADV-2007-3479 URL:~~http://www.vupen.com/english/advisories/2007/3479~~ (Obsolete source) XF:hplip-hpssd-command-execution(37183) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/37183
Assigning CNA
Canonical Ltd.
Date Record Created
20071004	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071004)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)