CVE-2007-5208

EPSS 73.52%
Published 13.10.2007 00:17:00
Last modified 09.04.2025 00:30:58
Source security@ubuntu.com
Teams watchlist Login
Open Login

hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.

Affected products Warnungen 0 Metrics 2 CWE 1 References 27

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ Linux Imaging And Printing Project Version <= 2.7.10

Hp ≫ Linux Imaging And Printing Project Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	73.52%	0.987

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

http://secunia.com/advisories/27271

http://bugs.gentoo.org/show_bug.cgi?id=195565

http://qa.mandriva.com/show_bug.cgi?id=30719

http://secunia.com/advisories/27202

http://secunia.com/advisories/27221

http://secunia.com/advisories/27224

http://secunia.com/advisories/27232

http://secunia.com/advisories/27332

http://secunia.com/advisories/27397

http://secunia.com/advisories/28453

http://security.gentoo.org/glsa/glsa-200710-26.xml