[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] insecure temp file creation in LPRng

To: linux-security
Subject: [linux-security] insecure temp file creation in LPRng
From: Martin Siegert <siegert@sfu.ca>
Date: Fri, 30 May 2003 15:08:09 -0700
User-Agent: Mutt/1.4.1i

Topic
=====
insecure temp file creation in LPRng

Problem Description
===================
psbanner, a printer filter that creates a PostScript format banner and is
part of LPRng, insecurely creates a temporary file for debugging purpose
when it is configured as filter. The program does not check whether this
file already exists or is linked to another place, psbanner writes its
current environment and called arguments to the file unconditionally with
the user id that LPRng is running as. An attacker could cause arbitrary
files to be written under the id of the LPRng user.

Affected Versions
=================
LPRng-3.8.20 and earlier

Solution
========
Upgrade to version 3.8.21 or patched version for your distribution

RedHat 7.1
----------
rpm -Fvh LPRng-3.7.4-23.2.i386.rpm

RedHat 7.2
----------
rpm -Fvh LPRng-3.7.4-28.2.i386.rpm

RedHat 7.3
----------
rpm -Fvh LPRng-3.8.9-4.1.i386.rpm

RedHat 8.0
----------
rpm -Fvh LPRng-3.8.9-6.1.i386.rpm

RedHat 9
--------
rpm -Fvh LPRng-3.8.19-3.1.i386.rpm

Debian 3.0 (woody)
------------------
upgrade to lprng_3.8.10-1.2_i386.deb

Debian 2.2 (potato)
-------------------
not affected

Prev by Date: [linux-security] ethereal remote exploit
Next by Date: [linux-security] KDE remote exploit
Prev by thread: [linux-security] KDE remote exploit
Next by thread: [linux-security] ethereal remote exploit
Index(es):
- Date
- Thread