PT-2007-7496 · Hewlett Packard+2 · Hplip-Doc+7

Kees +1 · Published 1970-01-01 · Updated 2024-06-15 · CVE-2007-5208

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

hplip versions 1.x through 2.x before 2.7.10
hplip-data (affected versions not specified)
hpijs-ppds (affected versions not specified)
hplip-doc (affected versions not specified)
hplip-dbg (affected versions not specified)
hpijs (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in the hplip package and its related components in Debian GNU/Linux, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The hpssd component in hplip is specifically vulnerable to context-dependent attacks, allowing the execution of arbitrary commands via shell metacharacters in a from address when invoking sendmail.

Recommendations

For hplip versions 1.x through 2.x before 2.7.10, update to version 2.7.10 or later.
For hplip-data, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For hpijs-ppds, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For hplip-doc, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For hplip-dbg, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For hpijs, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
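
The class of flaw in the description arises when a shell parses the from address on its way to sendmail. The following is an added example, not hplip's own code: one way to invoke sendmail with an argument vector and an allow-listed address. The sendmail path, the function names and the sample addresses are assumptions.

```python
import re
import subprocess

# Conservative allow-list for an envelope address: local@domain, no whitespace,
# quotes or shell metacharacters. Deliberately stricter than RFC 5321.
_ADDR_RE = re.compile(r"[A-Za-z0-9._%+=-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

SENDMAIL = "/usr/sbin/sendmail"  # assumed install path


def validate_address(addr):
    """Return addr unchanged if it is a plain address, else raise ValueError."""
    # A leading "-" is refused so the value can never be read as an option.
    if addr.startswith("-") or not _ADDR_RE.fullmatch(addr):
        raise ValueError("rejected address: %r" % (addr,))
    return addr


def build_sendmail_argv(from_addr, to_addrs):
    """Build an argument vector; each address stays a single argv element."""
    recipients = [validate_address(a) for a in to_addrs]
    if not recipients:
        raise ValueError("no recipients")
    # "--" ends option parsing before the recipient list.
    return [SENDMAIL, "-f", validate_address(from_addr), "--"] + recipients


def send_mail(from_addr, to_addrs, message):
    """Hand the message (bytes) to sendmail on stdin without involving a shell."""
    argv = build_sendmail_argv(from_addr, to_addrs)
    # A list argv with shell=False is passed to exec directly: no /bin/sh
    # parses the address, so metacharacters carry no special meaning.
    subprocess.run(argv, input=message, shell=False, check=True, timeout=30)


if __name__ == "__main__":
    # Constructed sample inputs: one plain address and two that must be refused.
    for candidate in ["scanner@example.org", "scanner@example.org;id", "-oQ/tmp"]:
        try:
            print(build_sendmail_argv(candidate, ["admin@example.org"]))
        except ValueError as exc:
            print(exc)
```
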

Exploit

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-02620
BDU:2015-02621
BDU:2015-02623
BDU:2015-02624
BDU:2015-02625
CVE-2007-5208
DSA-1462-1
DTSA-72-1
OPENSUSE-SU-2024:10847-1
RHSA-2007:0960
RHSA-2007_0960

Affected Products

Debian
Red Hat
Hpijs
Hpijs-Ppds
Hplip
Hplip-Data
Hplip-Dbg
Hplip-Doc