HPLIP vulnerabilities

2008-11-1900:00:00

ubuntu.com

6.2 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.5%

JSON

Releases

Ubuntu 8.04
Ubuntu 7.10
Ubuntu 6.06

Packages

hplip -

Details

It was discovered that the hpssd tool of hplip did not validate
privileges in the alert-mailing function. A local attacker could
exploit this to gain privileges and send e-mail messages from the
account of the hplip user. This update alters hplip behaviour by
preventing users from setting alerts and by moving alert configuration
to a root-controlled /etc/hp/alerts.conf file. (CVE-2008-2940)

It was discovered that the hpssd tool of hplip did not correctly
handle certain commands. A local attacker could use a specially
crafted packet to crash hpssd, leading to a denial of service.
(CVE-2008-2941)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchhplip< 2.8.2-0ubuntu8.1UNKNOWN
Ubuntu8.04noarchhpijs< 2.8.2+2.8.2-0ubuntu8.1UNKNOWN
Ubuntu8.04noarchhplip-dbg< 2.8.2-0ubuntu8.1UNKNOWN
Ubuntu7.10noarchhplip< 2.7.7.dfsg.1-0ubuntu5.1UNKNOWN
Ubuntu7.10noarchhpijs< 2.7.7+2.7.7.dfsg.1-0ubuntu5.1UNKNOWN
Ubuntu7.10noarchhplip< dbg-2.7.7.dfsg.1-0ubuntu5.1UNKNOWN
Ubuntu6.06noarchhplip< 0.9.7-4ubuntu1.1UNKNOWN
Ubuntu6.06noarchhpijs< 2.1.7+0.9.7-4ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	8.04	noarch	hplip	< 2.8.2-0ubuntu8.1	UNKNOWN
Ubuntu	8.04	noarch	hpijs	< 2.8.2+2.8.2-0ubuntu8.1	UNKNOWN
Ubuntu	8.04	noarch	hplip-dbg	< 2.8.2-0ubuntu8.1	UNKNOWN
Ubuntu	7.10	noarch	hplip	< 2.7.7.dfsg.1-0ubuntu5.1	UNKNOWN
Ubuntu	7.10	noarch	hpijs	< 2.7.7+2.7.7.dfsg.1-0ubuntu5.1	UNKNOWN
Ubuntu	7.10	noarch	hplip	< dbg-2.7.7.dfsg.1-0ubuntu5.1	UNKNOWN
Ubuntu	6.06	noarch	hplip	< 0.9.7-4ubuntu1.1	UNKNOWN
Ubuntu	6.06	noarch	hpijs	< 2.1.7+0.9.7-4ubuntu1.1	UNKNOWN