CVE-2008-2940
Published: 14 August 2008
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
Notes
Author | Note |
---|---|
mdeslaur | code was removed in upstream 2.8.5 |
Priority
Status
Package | Release | Status |
---|---|---|
hplip Launchpad, Ubuntu, Debian |
dapper |
Released
(0.9.7-4ubuntu1.1)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(2.7.7.dfsg.1-0ubuntu5.1)
|
|
hardy |
Released
(2.8.2-0ubuntu8.1)
|
|
intrepid |
Not vulnerable
(2.8.7-0ubuntu6)
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://www.mandriva.com/security/advisories?name=MDVSA-2008:169 vendor: http://www.redhat.com/support/errata/RHSA-2008-0818.html |