Bug 455235 (CVE-2008-2940)

Summary: CVE-2008-2940 hpssd of hplip allows unprivileged user to trigger alert mail
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bressers, dkovalsk, kreilly, mjc, security-response-team, skakar, twaugh, ykopkova
Target Milestone: ---Keywords: Security, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-11 15:14:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 455236, 455237, 458989, 458990, 458991    
Bug Blocks:    
Attachments:
Description Flags
hplip-validate-uri.patch
none
hplip-static-alerts-table.patch none

Comment 2 Marc Schoenefeld 2008-07-14 12:45:31 UTC 
==Description==

hpssd allows unprivileged local users to trigger alert mails 
by sending specially crafted packets
Comment 3 Tim Waugh 2008-07-29 14:50:21 UTC 
Created attachment 312878 [details]
hplip-validate-uri.patch

This is the first of two patches to address this problem.  This patch performs
validation on the device URI when handling an 'event' message, and improves the
validation code.
Comment 4 Tim Waugh 2008-07-29 14:51:42 UTC 
Created attachment 312880 [details]
hplip-static-alerts-table.patch

This is the second patch, which implements a static alerts table, stored in
/etc/hp/alerts.conf.  The 'setalerts' message now has no effect.
Comment 9 Josh Bressers 2008-08-12 20:11:10 UTC 
Lifting embargo
Comment 11 Red Hat Product Security 2008-09-11 15:14:50 UTC 
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0818.html