Bug 457052 (CVE-2008-2941) - CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability
Summary: CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-2941
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 457056 457057 458989 458990 458991
Blocks:
Reported: 2008-07-29 13:43 UTC by Marc Schoenefeld
Modified: 2019-09-29 12:25 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-09-11 15:18:50 UTC


Attachments
hplip-parse-crash.patch (14.07 KB, patch)
2008-07-29 14:52 UTC, Tim Waugh


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2008:0818 | 0 | normal | SHIPPED_LIVE | Moderate: hplip security update | 2008-08-12 20:16:27 UTC

Description Marc Schoenefeld 2008-07-29 13:43:19 UTC
hplip is vulnerable to a Denial-Of-Service-Attack via its listener port.

Comment 1 Marc Schoenefeld 2008-07-29 13:48:17 UTC
Description
===========

The problem is due to a flaw in the request parsing routines. 

To reproduce:
=============

$ telnet 127.0.0.1 2207
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
msg=0
Connection closed by foreign host.

Impact
======
<mschoene> afterwards hpssd is down
<mschoene> will file another bug for it 
<twaugh> Yes, happens on RHEL-5.2 RC1 too

Comment 3 Tim Waugh 2008-07-29 14:52:30 UTC
Created attachment 312881
hplip-parse-crash.patch

The parser is very fragile in a lot of places. This patch fixes up all the
delicate bits I could find.

Comment 7 Josh Bressers 2008-08-12 20:10:29 UTC
Lifting embargo

Comment 9 Red Hat Product Security 2008-09-11 15:18:50 UTC
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0818.html
