Vulnerability Name: | CVE-2009-0122 (CCN-47955) | ||||||||
Assigned: | 2009-01-13 | ||||||||
Published: | 2009-01-13 | ||||||||
Updated: | 2009-01-31 | ||||||||
Summary: | hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2009-0122 Source: CCN Type: SA33539 Ubuntu hplip Privilege Escalation Security Issue Source: SECUNIA Type: UNKNOWN 33539 Source: CCN Type: OSVDB ID: 53408 HP Linux Imaging and Printing (HPLIP) on Ubuntu hplip.postinst Arbitrary File Ownership Manipulation Source: BID Type: Patch 33249 Source: CCN Type: BID-33249 HP Linux Imaging and Printing System 'hplip.postinst' Local Privilege Escalation Vulnerability Source: CCN Type: USN-708-1 HPLIP vulnerability Source: UBUNTU Type: UNKNOWN USN-708-1 Source: CCN Type: Bug #191299 in hplip (Ubuntu) Changes ownership of root directory to hplip:lp Source: XF Type: UNKNOWN hp-linuxprinting-hplip-privilege-escalation(47955) Source: CONFIRM Type: Exploit https://launchpad.net/bugs/191299 Source: CCN Type: ubuntu-security-announce Mailing List, Tue Jan 13 20:50:26 GMT 2009 [USN-708-1] HPLIP vulnerability | ||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |