Bug 457052 - (CVE-2008-2941) CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
source=redhat,public=20080812,reporte...
Keywords: Security
Depends On: 457056 457057 458989 458990 458991
Reported: 2008-07-29 09:43 EDT by Marc Schoenefeld
Modified: 2016-06-17 17:10 EDT

Doc Type: Bug Fix
Last Closed: 2008-09-11 11:18:50 EDT

Attachments
hplip-parse-crash.patch (14.07 KB, patch)
2008-07-29 10:52 EDT, Tim Waugh

Description Marc Schoenefeld 2008-07-29 09:43:19 EDT
hplip is vulnerable to a Denial-Of-Service-Attack via its listener port.
Comment 1 Marc Schoenefeld 2008-07-29 09:48:17 EDT
Description
===========

The problem is due to a flaw in the request parsing routines. 

To reproduce:
=============

$telnet 127.0.0.1 2207
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
msg=0
Connection closed by foreign host.

Impact
======
<mschoene> afterwards hpssd is down
<mschoene> will file another bug for it 
<twaugh> Yes, happens on RHEL-5.2 RC1 too
Comment 3 Tim Waugh 2008-07-29 10:52:30 EDT
Created attachment 312881
hplip-parse-crash.patch

The parser is very fragile in a lot of places. This patch fixes up all the
delicate bits I could find.
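
An added example, not taken from hpssd.py or from the attached patch: a strict request parser with exception containment, so that input such as `msg=0` gets an error reply and the listener keeps running. The one-pair-per-line format, the size limit, the field names and the `ping`/`echo` handlers are assumptions made for illustration.

```python
import re

# Assumed wire format: one "key=value" pair per line, ASCII, small requests.
KEY_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")
MAX_REQUEST = 4096


class BadRequest(Exception):
    """Raised for any input the parser refuses to interpret."""


def parse_request(raw: bytes) -> dict:
    if len(raw) > MAX_REQUEST:
        raise BadRequest("request too large")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII bytes") from None
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep or not KEY_RE.fullmatch(key) or key in fields:
            raise BadRequest("malformed line")
        fields[key] = value.strip()  # values stay str; handlers convert explicitly
    return fields


# Hypothetical handlers; "echo" has a deliberate unchecked lookup.
HANDLERS = {
    "ping": lambda f: "msg=pong\n",
    "echo": lambda f: "msg=echo\ntext=%s\n" % f["text"],
}


def handle(raw: bytes) -> str:
    """Return a reply for one request; never raise into the listener loop."""
    try:
        fields = parse_request(raw)
        handler = HANDLERS.get(fields.get("msg", ""))
        if handler is None:
            raise BadRequest("unknown or missing msg type")
        return handler(fields)
    except BadRequest as exc:
        return "msg=error\nreason=%s\n" % exc
    except Exception:  # a handler bug must cost one request, not the daemon
        return "msg=error\nreason=internal error\n"
```

The catch-all in `handle` is the part that keeps the daemon up: even a handler bug (here, `echo` without a `text` field) turns into an error reply for that one request.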
Comment 7 Josh Bressers 2008-08-12 16:10:29 EDT
Lifting embargo
Comment 9 Red Hat Product Security 2008-09-11 11:18:50 EDT
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0818.html
