English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61956
Category:FreeBSD Local Security Checks
Title:FreeBSD Ports: hplip
Summary:The remote host is missing an update to the system; as announced in the referenced advisory.
Description:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: hplip

CVE-2008-2940
The alert-mailing implementation in HP Linux Imaging and Printing
(HPLIP) 1.6.7 allows local users to gain privileges and send e-mail
messages from the root account via vectors related to the setalerts
message, and lack of validation of the device URI associated with an
event message.

CVE-2008-2941
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing
(HPLIP) 1.6.7 allows local users to cause a denial of service (process
stop) via a crafted packet, as demonstrated by sending 'msg=0' to TCP
port 2207.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2940
1020684
http://securitytracker.com/id?1020684
30683
http://www.securityfocus.com/bid/30683
31470
http://secunia.com/advisories/31470
31499
http://secunia.com/advisories/31499
32316
http://secunia.com/advisories/32316
32792
http://secunia.com/advisories/32792
MDVSA-2008:169
http://www.mandriva.com/security/advisories?name=MDVSA-2008:169
RHSA-2008:0818
http://www.redhat.com/support/errata/RHSA-2008-0818.html
SUSE-SR:2008:021
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
USN-674-1
http://www.ubuntu.com/usn/USN-674-1
USN-674-2
http://www.ubuntu.com/usn/USN-674-2
hplip-alertmailing-privilege-escalation(44441)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44441
https://bugzilla.redhat.com/show_bug.cgi?id=455235
oval:org.mitre.oval:def:10136
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10136
Common Vulnerability Exposure (CVE) ID: CVE-2008-2941
1020683
http://securitytracker.com/id?1020683
hplip-hpssd-dos(44440)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44440
https://bugzilla.redhat.com/show_bug.cgi?id=457052
oval:org.mitre.oval:def:10636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10636
CopyrightCopyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.