CVE-2008-2940

2008-08-1420:41:00

Debian Security Bug Tracker

security-tracker.debian.org

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.5%

JSON

The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.

OSVersionArchitecturePackageVersionFilename
Debian12allhplip< 2.8.6-1hplip_2.8.6-1_all.deb
Debian11allhplip< 2.8.6-1hplip_2.8.6-1_all.deb
Debian10allhplip< 2.8.6-1hplip_2.8.6-1_all.deb
Debian999allhplip< 2.8.6-1hplip_2.8.6-1_all.deb
Debian13allhplip< 2.8.6-1hplip_2.8.6-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	hplip	< 2.8.6-1	hplip_2.8.6-1_all.deb
Debian	11	all	hplip	< 2.8.6-1	hplip_2.8.6-1_all.deb
Debian	10	all	hplip	< 2.8.6-1	hplip_2.8.6-1_all.deb
Debian	999	all	hplip	< 2.8.6-1	hplip_2.8.6-1_all.deb
Debian	13	all	hplip	< 2.8.6-1	hplip_2.8.6-1_all.deb