HP Linux Imaging and Printing Project (hplip) Alert Mailing Function Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1020684 |
|
SecurityTracker URL: http://securitytracker.com/id/1020684
|
|
CVE Reference:
CVE-2008-2940
(Links to External Site)
|
Date: Aug 12 2008
|
Impact:
Execution of arbitrary code via local system, Root access via local system
|
|
|
Description:
A vulnerability was reported in HP Linux Imaging and Printing Project (hplip). A local user can obtain elevated privileges on the target system.
A local user can send specially crafted packets to cause the alert mailing function to execute arbitrary commands on the target system with root privileges.
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
No solution was available at the time of this entry.
[Editor's note: It is unclear if the current upstream version is affected.]
|
Vendor URL: hplip.sourceforge.net/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 12 Aug 2008 17:27:23 -0400
Subject: hplip
|
A flaw was discovered in the hplip alert-mailing functionality. A local
attacker could elevate their privileges by using specially-crafted packets
to trigger alert mails, which are sent by the root account. (CVE-2008-2940)
|
|
