CVE-2008-2940
First published: Mon Jul 14 2008(Updated: )
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Linux Imaging And Printing Project | =1.6.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=455235
- http://www.redhat.com/support/errata/RHSA-2008-0818.html
- http://securitytracker.com/id?1020684
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:169
- http://www.securityfocus.com/bid/30683
- http://secunia.com/advisories/31499
- http://secunia.com/advisories/31470
- http://secunia.com/advisories/32316
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
- http://secunia.com/advisories/32792
- http://www.ubuntu.com/usn/USN-674-1
- http://www.ubuntu.com/usn/USN-674-2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44441
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10136
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=312878&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=312878&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=312880&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=312880&action=edit
- http://rhn.redhat.com/errata/RHSA-2008-0818.html
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-2940
- agent/tags
- agent/trending
- vendor/hp
- canonical/hp linux imaging and printing project
- version/hp linux imaging and printing project/1.6.7