| Vulnerability Name: | CVE-2008-2940 (CCN-44441) | ||||||||||||||||||||||||||||||||
| Assigned: | 2008-08-12 | ||||||||||||||||||||||||||||||||
| Published: | 2008-08-12 | ||||||||||||||||||||||||||||||||
| Updated: | 2017-09-29 | ||||||||||||||||||||||||||||||||
| Summary: | The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2008-2940 Source: CCN Type: HPLIP Web page HP Linux Imaging and Printing (HPLIP) Source: SUSE Type: UNKNOWN SUSE-SR:2008:021 Source: CCN Type: RHSA-2008-0818 Moderate: hplip security update Source: CCN Type: SA31470 HPLIP hpssd Denial of Service Source: SECUNIA Type: UNKNOWN 31470 Source: SECUNIA Type: UNKNOWN 31499 Source: SECUNIA Type: UNKNOWN 32316 Source: SECUNIA Type: UNKNOWN 32792 Source: CCN Type: SECTRACK ID: 1020684 HP Linux Imaging and Printing Project (hplip) Alert Mailing Function Lets Local Users Gain Elevated Privileges Source: SECTRACK Type: UNKNOWN 1020684 Source: MANDRIVA Type: UNKNOWN MDVSA-2008:169 Source: REDHAT Type: UNKNOWN RHSA-2008:0818 Source: BID Type: UNKNOWN 30683 Source: CCN Type: BID-30683 HP Linux Imaging and Printing System Privilege Escalation And Denial Of Service Vulnerabilities Source: CCN Type: USN-674-1 HPLIP vulnerabilities Source: UBUNTU Type: UNKNOWN USN-674-1 Source: CCN Type: USN-674-2 HPLIP vulnerabilities Source: UBUNTU Type: UNKNOWN USN-674-2 Source: CCN Type: Red Hat Bugzilla Bug 455235 CVE-2008-2940 hpssd of hplip allows unprivileged user to trigger alert mail Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=455235 Source: XF Type: UNKNOWN hplip-alertmailing-privilege-escalation(44441) Source: XF Type: UNKNOWN hplip-alertmailing-privilege-escalation(44441) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10136 Source: SUSE Type: SUSE-SR:2008:021 SUSE Security Summary Report | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||