CVE-2010-4267
published 2011-01-20CVE-2010-4267: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and…
PriorityP345high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
10.81%
95.3th percentile
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hplip | < hplip 3.10.6-2 (bookworm) | hplip 3.10.6-2 (bookworm) |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
| hp | linux_imaging_and_printing_project | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9c9p-hhrq-f5v5: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml
ghsa_unreviewed·2022-05-17
CVE-2010-4267 [HIGH] CWE-119 GHSA-9c9p-hhrq-f5v5: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
OSV
CVE-2010-4267: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml
osv·2011-01-20·CVSS 7.5
CVE-2010-4267 [HIGH] CVE-2010-4267: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
Ubuntu
HPLIP vulnerability
vendor_ubuntu·2011-01-25
CVE-2010-4267 HPLIP vulnerability
Title: HPLIP vulnerability
Sebastian Krahmer discovered that HPLIP incorrectly handled certain long
SNMP responses. A remote attacker could send malicious SNMP replies to
certain HPLIP tools and cause them to crash or possibly execute arbitrary
code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
hplip: remote stack overflow vulnerability
vendor_redhat·2011-01-10·CVSS 7.5
CVE-2010-4267 [HIGH] hplip: remote stack overflow vulnerability
hplip: remote stack overflow vulnerability
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
Debian
CVE-2010-4267: hplip - Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in H...
vendor_debian·2010·CVSS 7.5
CVE-2010-4267 [HIGH] CVE-2010-4267: hplip - Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in H...
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
Scope: local
bookworm: resolved (fixed in 3.10.6-2)
bullseye: resolved (fixed in 3.10.6-2)
sid: resolved (fixed in 3.10.6-2)
trixie: resolved (fixed in 3.10.6-2)
No detection rules found.
Bugzilla
CVE-2010-4267 hplip: remote stack overflow vulnerability [fedora-all]
bugzilla·2011-01-17·CVSS 7.5
CVE-2010-4267 [HIGH] CVE-2010-4267 hplip: remote stack overflow vulnerability [fedora-all]
CVE-2010-4267 hplip: remote stack overflow vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=662740
Please note: this issue affects multiple supp
Bugzilla
CVE-2010-4267 hplip: remote stack overflow vulnerability
bugzilla·2010-12-13·CVSS 7.5
CVE-2010-4267 [HIGH] CVE-2010-4267 hplip: remote stack overflow vulnerability
CVE-2010-4267 hplip: remote stack overflow vulnerability
Sebastian Krahmer reported a flaw in how hplip discovered SNMP devices. If
certain hplip commands were run that queried SNMP devices, and a malicious user
were able to send crafted SNMP responses, it could cause the running hplip tool
to crash or, possibly, execute arbitrary code with the privileges of the user
running the tool.
Acknowledgements:
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
Discussion:
Created attachment 468455
patch provided by Sebastian to correct the flaw
---
Created hplip tracking bugs for this issue
Affects: fedora-all [bug 670252]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHS
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://osvdb.org/70498http://secunia.com/advisories/42939http://secunia.com/advisories/42956http://secunia.com/advisories/43022http://secunia.com/advisories/43068http://secunia.com/advisories/43083http://secunia.com/advisories/43102http://secunia.com/advisories/48441http://security.gentoo.org/glsa/glsa-201203-17.xmlhttp://www.debian.org/security/2011/dsa-2152http://www.mandriva.com/security/advisories?name=MDVSA-2011:013http://www.redhat.com/support/errata/RHSA-2011-0154.htmlhttp://www.securityfocus.com/bid/45833http://www.securitytracker.com/id?1024967http://www.ubuntu.com/usn/USN-1051-1http://www.vupen.com/english/advisories/2011/0136http://www.vupen.com/english/advisories/2011/0160http://www.vupen.com/english/advisories/2011/0211http://www.vupen.com/english/advisories/2011/0212http://www.vupen.com/english/advisories/2011/0228http://www.vupen.com/english/advisories/2011/0243https://bugzilla.redhat.com/attachment.cgi?id=468455&action=diffhttps://bugzilla.redhat.com/show_bug.cgi?id=662740https://exchange.xforce.ibmcloud.com/vulnerabilities/64738http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://osvdb.org/70498http://secunia.com/advisories/42939http://secunia.com/advisories/42956http://secunia.com/advisories/43022http://secunia.com/advisories/43068http://secunia.com/advisories/43083http://secunia.com/advisories/43102http://secunia.com/advisories/48441http://security.gentoo.org/glsa/glsa-201203-17.xmlhttp://www.debian.org/security/2011/dsa-2152http://www.mandriva.com/security/advisories?name=MDVSA-2011:013http://www.redhat.com/support/errata/RHSA-2011-0154.htmlhttp://www.securityfocus.com/bid/45833http://www.securitytracker.com/id?1024967http://www.ubuntu.com/usn/USN-1051-1http://www.vupen.com/english/advisories/2011/0136http://www.vupen.com/english/advisories/2011/0160http://www.vupen.com/english/advisories/2011/0211http://www.vupen.com/english/advisories/2011/0212http://www.vupen.com/english/advisories/2011/0228http://www.vupen.com/english/advisories/2011/0243https://bugzilla.redhat.com/attachment.cgi?id=468455&action=diffhttps://bugzilla.redhat.com/show_bug.cgi?id=662740https://exchange.xforce.ibmcloud.com/vulnerabilities/64738
2011-01-20
Published