Sebastian Krahmer reported a flaw in how hplip discovered SNMP devices. If certain hplip commands were run that queried SNMP devices, and a malicious user were able to send crafted SNMP responses, it could cause the running hplip tool to crash or, possibly, execute arbitrary code with the privileges of the user running the tool.

Acknowledgements: Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
Created attachment 468455: patch provided by Sebastian to correct the flaw
Created hplip tracking bugs for this issue.

Affects: fedora-all [bug 670252]
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2011:0154 https://rhn.redhat.com/errata/RHSA-2011-0154.html