CVE-2015-0839 - Key Management Errors vulnerability in HP Linux Imaging and Printing 3.17.7
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.
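The weakness in the summary comes down to what a key lookup is matched against. The following added example (not HPLIP's code or the shipped fix) parses `gpg --with-colons --fingerprint` style output and contrasts a short-key-ID match with a check against a pinned full fingerprint. The fingerprints, the sample listing and the function names are constructed for illustration.

```python
# Constructed 40-hex fingerprints: different keys, same last 8 hex digits.
VENDOR_FPR = "0123456789ABCDEF0123456789ABCDEFDEADBEEF"
LOOKALIKE_FPR = "FEDCBA9876543210FEDCBA9876543210DEADBEEF"

# Constructed keyring listing in gpg's colon format (field 10 of an
# "fpr" record is the fingerprint; field 5 of "pub" is the 64-bit key ID).
SAMPLE_LISTING = "\n".join([
    "pub:-:2048:1:" + VENDOR_FPR[-16:] + ":1400000000:::-:::scESC:",
    "fpr" + ":" * 9 + VENDOR_FPR + ":",
    "sub:-:2048:1:AAAAAAAAAAAAAAAA:1400000000::::::e:",
    "fpr" + ":" * 9 + "A" * 40 + ":",
    "pub:-:2048:1:" + LOOKALIKE_FPR[-16:] + ":1500000000:::-:::scESC:",
    "fpr" + ":" * 9 + LOOKALIKE_FPR + ":",
])


def parse_fingerprints(listing):
    """Return the full fingerprint of each primary key in a colon listing."""
    fprs, want_fpr = [], False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            want_fpr = True           # the next fpr record is this key's
        elif fields[0] == "sub":
            want_fpr = False          # skip subkey fingerprints
        elif fields[0] == "fpr" and want_fpr and len(fields) > 9:
            fprs.append(fields[9].upper())
            want_fpr = False
    return fprs


def short_id_matches(listing, short_id):
    """Weak check: every key whose fingerprint ends in the 32-bit key ID."""
    suffix = short_id.upper()
    return [f for f in parse_fingerprints(listing) if f.endswith(suffix)]


def select_pinned_key(listing, pinned_fpr):
    """Strict check: accept exactly one key equal to the pinned fingerprint."""
    pinned = pinned_fpr.replace(" ", "").upper()
    if len(pinned) != 40 or any(c not in "0123456789ABCDEF" for c in pinned):
        raise ValueError("pin must be a full 40-hex-digit fingerprint")
    hits = [f for f in parse_fingerprints(listing) if f == pinned]
    if len(hits) != 1:
        raise LookupError("pinned key not present exactly once; refusing")
    return hits[0]


if __name__ == "__main__":
    print("short ID DEADBEEF matches:", short_id_matches(SAMPLE_LISTING, "DEADBEEF"))
    print("pinned fingerprint selects:", select_pinned_key(SAMPLE_LISTING, VENDOR_FPR))
```

The short ID selects both keys, so a signature made by either would pass; the pinned fingerprint selects only one and fails closed when the key is absent.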
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-775.NASL
- description: CVE-2015-0839 The hplip plugin download function verifies the driver using a short-key. This is not secure because it is trivial to generate keys with arbitrary key IDs. For Debian 7
- last seen: 2020-03-17
- modified: 2017-01-03
- plugin id: 96191
- published: 2017-01-03
- reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/96191
- title: Debian DLA-775-1 : hplip security update

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2015-11916.NASL
- description: fixes CVE-2015-0839 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2015-07-30
- plugin id: 85095
- published: 2015-07-30
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/85095
- title: Fedora 21 : hplip-3.14.10-9.fc21 (2015-11916)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-2699-1.NASL
- description: Enrico Zini discovered that HPLIP used a short GPG key ID when downloading keys from the keyserver. An attacker could possibly use this to return a different key with a duplicate short key id and perform a man-in-the-middle attack on printer plugin installations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 85157
- published: 2015-07-31
- reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/85157
- title: Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : hplip vulnerability (USN-2699-1)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2015-11723.NASL
- description: New upstream bug-fix release, which fixes CVE-2015-0839 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2015-07-29
- plugin id: 85063
- published: 2015-07-29
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/85063
- title: Fedora 22 : hplip-3.15.7-1.fc22 (2015-11723)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162880.html
- http://www.openwall.com/lists/oss-security/2015/05/29/2
- http://www.securityfocus.com/bid/74913
- http://www.ubuntu.com/usn/USN-2699-1
- https://bugs.launchpad.net/hplip/+bug/1432516
- https://bugzilla.redhat.com/show_bug.cgi?id=1227252