Vulnerability Details CVE-2008-2940
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.5%
CVSS Severity
CVSS v2 Score 7.2
References
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
- http://secunia.com/advisories/31470
- http://secunia.com/advisories/31499
- http://secunia.com/advisories/32316
- http://secunia.com/advisories/32792
- http://securitytracker.com/id?1020684
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:169
- http://www.redhat.com/support/errata/RHSA-2008-0818.html
- http://www.securityfocus.com/bid/30683
- http://www.ubuntu.com/usn/USN-674-1
- http://www.ubuntu.com/usn/USN-674-2
- https://bugzilla.redhat.com/show_bug.cgi?id=455235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44441
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10136
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
- http://secunia.com/advisories/31470
- http://secunia.com/advisories/31499
- http://secunia.com/advisories/32316
- http://secunia.com/advisories/32792
- http://securitytracker.com/id?1020684
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:169
- http://www.redhat.com/support/errata/RHSA-2008-0818.html
- http://www.securityfocus.com/bid/30683
- http://www.ubuntu.com/usn/USN-674-1
- http://www.ubuntu.com/usn/USN-674-2
- https://bugzilla.redhat.com/show_bug.cgi?id=455235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44441
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10136
Products affected by CVE-2008-2940
-
cpe:2.3:a:hp:linux_imaging_and_printing_project:1.6.7