CVE-2009-0122

hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
hphplip
2.7.7
hphplip
2.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
hplip
bullseye
3.21.2+dfsg1-2
fixed
bookworm
3.22.10+dfsg0-2
fixed
sid
3.22.10+dfsg0-5.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
hplip
intrepid
not-affected
hardy
not-affected
gutsy
Fixed 2.7.7.dfsg.1-0ubuntu5.3
released
dapper
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/33539
http://www.securityfocus.com/bid/33249
http://www.ubuntu.com/usn/usn-708-1
https://launchpad.net/bugs/191299
http://secunia.com/advisories/33539
http://www.securityfocus.com/bid/33249
http://www.ubuntu.com/usn/usn-708-1
https://launchpad.net/bugs/191299