CVE-2007-5208 – hplip - 'hpssd.py' From Address Arbitrary Command Execution

https://notcve.org/view.php?id=CVE-2007-5208

hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail. hpssd en Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x y 2.x anterior a 2.7.10 permite a atacantes remotos dependientes de contexto ejecutar comandos de su elección mediante metacaracteres de shell en una dirección from, los cuales no son manejados adecuadamente al invocar a sendmail. • https://www.exploit-db.com/exploits/16837 http://bugs.gentoo.org/show_bug.cgi?id=195565 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://qa.mandriva.com/show_bug.cgi?id=30719 http://secunia.com/advisories/27202 http://secunia.com/advisories/27221 http://secunia.com/advisories/27224 http://secunia.com/advisories/27232 http://secunia.com/advisories/27271 http://secunia.com/advisories/27332 http://secunia.com/advisories/27397 http://secu • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •