Vulnerability Description
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | Linux Imaging and Printing Project | 1.6.7 |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
- http://secunia.com/advisories/31470
- http://secunia.com/advisories/31499
- http://secunia.com/advisories/32316
- http://secunia.com/advisories/32792
- http://securitytracker.com/id?1020684
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:169
- http://www.redhat.com/support/errata/RHSA-2008-0818.html
- http://www.securityfocus.com/bid/30683
- http://www.ubuntu.com/usn/USN-674-1
- http://www.ubuntu.com/usn/USN-674-2
- https://bugzilla.redhat.com/show_bug.cgi?id=455235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44441
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2008-2940?
CVE-2008-2940 is a vulnerability with a CVSS score of 7.2 (HIGH). The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalert...
How severe is CVE-2008-2940?
CVE-2008-2940 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2940?
Check the references section above for vendor advisories and patch information. Affected products include: HP Linux Imaging and Printing Project.