HP Linux Imaging and Printing Project (hplip) Alert Mailing Function Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1020684
|
|
SecurityTracker URL: http://securitytracker.com/id?1020684
|
|
CVE Reference: CVE-2008-2940
(Links to External Site)
|
Date: Aug 12 2008
|
Impact: Execution of arbitrary code via local system, Root access via local system
|
Description: A vulnerability was reported in HP Linux Imaging and Printing Project (hplip). A local user can obtain elevated privileges on the target system.
A local user can send specially crafted packets to cause the alert mailing function to execute arbitrary commands on the target system with root privileges.
|
Impact: A local user can obtain root privileges on the target system.
|
Solution: No solution was available at the time of this entry.
[Editor's note: It is unclear if the current upstream version is affected.]
|
Vendor URL: hplip.sourceforge.net/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 12 Aug 2008 17:27:23 -0400
Subject: hplip
|
A flaw was discovered in the hplip alert-mailing functionality. A local
attacker could elevate their privileges by using specially-crafted packets
to trigger alert mails, which are sent by the root account. (CVE-2008-2940)
|
|
