Redhat Security Update Fixes hplip Privilege Escalation and DoS
VUPEN ID : VUPEN/ADV-2008-2360
CVE ID : CVE-2008-2940 - CVE-2008-2941
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-08-13
Technical Description
Two vulnerabilities have been identified in Red Hat Enterprise Linux, which could be exploited by local attackers to cause a denial of service or gain elevated privileges.
The first issue is caused by an error in the hplip (Hewlett-Packard Linux Imaging and Printing) alert-mailing functionality, which could be exploited by local attackers to elevate their privileges by using specially crafted packets to trigger alert mails that are sent by the root account.
The second vulnerability is caused by an error in the hpssd message parser, which could be exploited by local attackers to stop the hpssd process via a specially crafted packet.