ID CVE-2008-2940
Type cve
Modified 2017-09-29T01:31:00


The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.

"A local user can send specially crafted packets to cause the alert mailing function to execute arbitrary commands on the target system with root privileges.

Impact: A local user can obtain root privileges on the target system."