Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: 200306-04 Critical: LPRng Exploit of Symlink Attack

gentoo
Calendar Grey June 14, 2003
Dist Gentoo Esm H88
Residents in the area can exploit the psbanner vulnerability in LPRng to conduct a symbolic link attack, causing unauthorized file substitutions; update LPRng immediately
psbanner in the LPRng package allows local users to overwrite arbitraryfiles via a symbolic link attack on the /tmp/before file.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-04
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

psbanner in the LPRng package allows local users to overwrite arbitrary
files via a symbolic link attack on the /tmp/before file.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-print/lprng upgrade to lprng-3.8.12-r1 as follows

emerge sync
emerge lprng
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory gentoo critical local exploit symbolic link attack lprng

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : lprng
SUMMARY : symbolic link attack
DATE : 2003-06-14 15:35 UTC
EXPLOIT : local
VERSIONS AFFECTED : =lprng-3.8.12-r1
CVE : CAN-2003-0136

Topics%20covered

Topics Covered

security advisory gentoo critical local exploit symbolic link attack lprng

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here