CVE-2008-2940
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
14/08/2008
Last modified:
09/04/2025
Description
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hp:linux_imaging_and_printing_project:1.6.7:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
- http://secunia.com/advisories/31470
- http://secunia.com/advisories/31499
- http://secunia.com/advisories/32316
- http://secunia.com/advisories/32792
- http://securitytracker.com/id?1020684=
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A169
- http://www.redhat.com/support/errata/RHSA-2008-0818.html
- http://www.securityfocus.com/bid/30683
- http://www.ubuntu.com/usn/USN-674-1
- http://www.ubuntu.com/usn/USN-674-2
- https://bugzilla.redhat.com/show_bug.cgi?id=455235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44441
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10136
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
- http://secunia.com/advisories/31470
- http://secunia.com/advisories/31499
- http://secunia.com/advisories/32316
- http://secunia.com/advisories/32792
- http://securitytracker.com/id?1020684=
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A169
- http://www.redhat.com/support/errata/RHSA-2008-0818.html
- http://www.securityfocus.com/bid/30683
- http://www.ubuntu.com/usn/USN-674-1
- http://www.ubuntu.com/usn/USN-674-2
- https://bugzilla.redhat.com/show_bug.cgi?id=455235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44441
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10136