CVE-2008-2940

2008-08-14T20:41:00
ID CVE-2008-2940
Type cve
Reporter cve@mitre.org
Modified 2017-09-29T01:31:00

Description

The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. http://securitytracker.com/alerts/2008/Aug/1020684.html

"A local user can send specially crafted packets to cause the alert mailing function to execute arbitrary commands on the target system with root privileges.

Impact: A local user can obtain root privileges on the target system."