CVE-2008-2940

Related Files

Ubuntu Security Notice 674-2

Posted Nov 24, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-674-2 - USN-674-1 provided packages to fix vulnerabilities in HPLIP. Due to an internal archive problem, the updates for Ubuntu 7.10 would not install properly. This update provides fixed packages for Ubuntu 7.10. We apologize for the inconvenience. Original advisory details: It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service.

tags | advisory, denial of service, local, root, vulnerability

systems | linux, ubuntu

advisories | CVE-2008-2940, CVE-2008-2941

SHA-256 | b2784440b0a617c94be32e180385f06c05cd97154f28d2d286492551ec4fe1b2

Download | Favorite | View

Ubuntu Security Notice 674-1

Posted Nov 19, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-674-1 - It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behavior by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service.

tags | advisory, denial of service, local, root

systems | linux, ubuntu

advisories | CVE-2008-2940, CVE-2008-2941

SHA-256 | d2c4d7347624881811ac3d78377e58ca2ac8f982b257415af5e7f2543208a54a

Download | Favorite | View

Mandriva Linux Security Advisory 2008-169

Posted Aug 14, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Marc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially-crafted packets to trigger alert mails that are sent by the root account. Another vulnerability was discovered by Marc Schoenefeld in the hpssd message parser that could allow a local attacker to stop the hpssd process by sending specially-crafted packets, causing a denial of service. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, local, root

systems | linux, redhat, mandriva

advisories | CVE-2008-2940, CVE-2008-2941

SHA-256 | 6795cd9f04e5887e773481d7eeb670df41567a78f63d3ae89b6d00acd4462e78

Download | Favorite | View