CVE-2009-0122 — HP Hplip vulnerability

CWE-2645 documents5 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 83.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Hplip Debian Hplip

Timeline

PublishedJan 15

Latest updateMay 2

Description

hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶NVDhp/hplip2.7.7, 2.8.2+1

▶debiandebian/hplip

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wxrh-23mc-r3rq: hplip↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

HPLIP vulnerability↗2009-01-13

▶

Debian

CVE-2009-0122: hplip - hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubunt...↗2009

▶

Red Hat

CVE-2009-0122: hplip↗

▶