A vulnerability and a weakness have been reported in HPLIP, which can be exploited by malicious, local users to manipulate certain data and by malicious people to compromise a vulnerable system.
1) A boundary error in the "hpmud_get_pml()" function (io/hpmud/pml.c) when using certain tools to discover devices using SNMP can be exploited to cause a stack-based buffer overflow by returning a specially crafted SNMP response.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
2) A weakness in the HP CUPS fax filter (prnt/hpijs/hpcupsfax.cpp) due to the "send_data_to_stdout()" function creating temporary files insecurely can be exploited via symlink attacks (/tmp/hpcupsfax.out) to overwrite arbitrary files with the privileges of the user running the filter.
The vulnerability and the weakness are reported in versions 3.10.9 and 3.11.7. Other versions may also be affected.
Solution: Update to version 3.11.10, which fixes weakness #2. Do not use SNMP-based command line tools.
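The class of weakness in item 2, as an added C example (not HPLIP's code and not part of the advisory): a fixed, predictable file name opened without O_EXCL, beside two hardened ways to create the file. The function names, the scratch directory and the file names under it are assumptions constructed for the demonstration.

```c
#define _GNU_SOURCE 1   /* expose mkstemp()/mkdtemp() under strict -std modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (stand-in, not HPLIP code): predictable name; open() follows a
   symlink planted at that name and truncates whatever it points to. */
int open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fixed name, hardened: O_CREAT|O_EXCL fails with EEXIST if anything, a symlink
   included, already exists at the path; the link is never followed. */
int open_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Self-check in a private scratch directory; all names are constructed. Bits:
   1 = weak open truncated the link target, 2 = O_EXCL refused the link, 4 = mkstemp ok. */
int run_check(void) {
    char dir[] = "/tmp/tmpfile-demo.XXXXXX", target[96], link_[96], uniq[96];
    int fd, bits = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important.conf", dir);
    snprintf(link_, sizeof link_, "%s/hpcupsfax.out", dir);
    snprintf(uniq, sizeof uniq, "%s/hpcupsfax.XXXXXX", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep me\n", 8) != 8) return -1;
    close(fd);
    if (symlink(target, link_) != 0) return -1;
    fd = open_excl(link_);            /* expected to fail; target stays 8 bytes */
    if (fd < 0 && errno == EEXIST && size_of(target) == 8) bits |= 2;
    if (fd >= 0) close(fd);
    fd = open_weak(link_);            /* follows the link; target becomes 0 bytes */
    if (fd >= 0) { close(fd); if (size_of(target) == 0) bits |= 1; }
    fd = mkstemp(uniq);               /* preferred: unpredictable name, exclusive create */
    if (fd >= 0) { close(fd); if (size_of(uniq) == 0) bits |= 4; }
    unlink(uniq); unlink(link_); unlink(target); rmdir(dir);
    return bits;
}
```

On Linux, the fs.protected_symlinks sysctl also restricts following symlinks in sticky world-writable directories such as /tmp, but it does not replace exclusive creation in the code.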
Provided and/or discovered by: 1) Sebastian Krahmer, SuSE Security Team.
2) Matthias Weckbecker.
Original Advisory: Novell Bug Reports: