Privilege Escalation Vulnerability in HP Linux Imaging and Printing
CVE-2008-2940

Currently unrated

Key Information:

Vendor: HP
Status: Linux Imaging And Printing Project
Vendor: CVE Published:; 14 August 2008

Summary

The alert-mailing feature in HP Linux Imaging and Printing (HPLIP) 1.6.7 has a critical flaw that allows local users to escalate privileges. This is accomplished through issues in the setalerts functionality and insufficient validation of device URIs linked to event messages. By exploiting this vulnerability, attackers can send email communications from the root account, potentially leading to unauthorized access or escalation of privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/44441

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/30683

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Aug 14, 2008
Vulnerability Reserved
Jun 30, 2008