CVE-2008-2940 hpssd of hplip allows unprivileged user to trigger alert mail
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
HPLIP | Fix Released | Medium | dwelch91 |
hplip (Debian) | Fix Released | Unknown | |
hplip (Fedora) | Fix Released | Medium | |
Bug Description
Request confirmation that these two CVEs (hplip 1.6.7) are fixed in the current hplip and, if so, which version of hplip they were fixed in.
hpssd was replaced by hp-systray in 2.8.4, but was the code fixed?
CVE-2008-2940
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
CVE-2008-2941
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
Changed in hplip:
status: Unknown → Fix Released
Changed in hplip:
status: Unknown → New
Changed in hplip:
status: New → Confirmed
Changed in hplip:
assignee: nobody → dwelch91
status: New → Triaged
importance: Undecided → Medium
Changed in hplip:
status: Triaged → Fix Released
Changed in hplip (Debian):
status: Confirmed → Fix Released
Changed in hplip (Fedora):
importance: Unknown → Medium
==Description==
hpssd allows unprivileged local users to trigger alert mails
by sending specially crafted packets