1038434 – (CVE-2013-6427) CVE-2013-6427 hplip: insecure auto update feature

Bug 1038434 (CVE-2013-6427) - CVE-2013-6427 hplip: insecure auto update feature

Summary: CVE-2013-6427 hplip: insecure auto update feature

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2013-6427
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-05 06:22 UTC by Murray McAllister
Modified:	2021-02-17 07:06 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-05 06:26:34 UTC
Embargoed:

Attachments	(Terms of Use)

Description Murray McAllister 2013-12-05 06:22:09 UTC

It was found that an upgrade script in hplip downloaded a file (via HTTP) and then executed it. A man-in-the-middle attacker could use this flaw to execute arbitrary code on a hplip client system.

On Red Hat Enterprise Linux 6 and Fedora the hplip RPM spec file removes the affected file at build time, for example:

rm -rf %{buildroot}%{_datadir}/hplip/upgrade.*
rm -rf %{buildroot}%{_bindir}/hp-upgrade

As such, the affected functionality is not shipped in the binary RPMs.

The versions of hplip and hplip3 in Red Hat Enterprise Linux 5 also do not contain the affected functionality.

References:
https://bugzilla.novell.com/show_bug.cgi?id=853405
http://www.openwall.com/lists/oss-security/2013/12/05/2

Comment 1 Murray McAllister 2013-12-05 06:25:11 UTC

Statement:

Not vulnerable. This issue did not affect the versions of hplip and hplip3 in Red Hat Enterprise Linux 5 and 6.

Note You need to log in before you can comment on or make changes to this bug.