CVE-2009-0122

Name of the Vulnerable Software and Affected Versions HP Linux Imaging and Printing (HPLIP) versions 2.7.7 through 2.8.2

Description The issue allows local users to change the ownership of arbitrary files via manipulations before an HPLIP installation or upgrade by an administrator. This is related to the product's attempt to correct the ownership of its configuration files within home directories.

Recommendations For HP Linux Imaging and Printing (HPLIP) versions 2.7.7 through 2.8.2, consider restricting access to the hplip.postinst script until a patch is available. As a temporary workaround, avoid running the HPLIP installation or upgrade as an administrator until the issue is resolved.