7.6

CVE-2007-5208

hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 67.26% 0.992
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/27271
http://bugs.gentoo.org/show_bug.cgi?id=195565
http://qa.mandriva.com/show_bug.cgi?id=30719
http://secunia.com/advisories/27202
http://secunia.com/advisories/27221
http://secunia.com/advisories/27224
http://secunia.com/advisories/27232
http://secunia.com/advisories/27332
http://secunia.com/advisories/27397
http://secunia.com/advisories/28453
http://security.gentoo.org/glsa/glsa-200710-26.xml
http://www.debian.org/security/2008/dsa-1462
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:201
http://www.redhat.com/support/errata/RHSA-2007-0960.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/26054
http://www.securitytracker.com/id?1018806
http://www.vupen.com/english/advisories/2007/3479
https://bugzilla.redhat.com/show_bug.cgi?id=319921
https://exchange.xforce.ibmcloud.com/vulnerabilities/37183
https://launchpad.net/bugs/149121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10692
https://usn.ubuntu.com/530-1/
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00200.html