aru Posted May 21, 2003 Report Share Posted May 21, 2003 MandrakeSoft Security Advisory MDKSA-2003:060 : LPRng May 21st, 2003 Updated LPRng packages fix insecure temporary file vulnerability Karol Lewandowski discovered a problem with psbanner, a printer filter that creates a PostScript format banner. psbanner creates a temporary file for debugging purposes when it is configured as a filter, and does not check whether or not this file already exists or is a symlink. The filter will overwrite this file, or the file it is pointing to (if it is a symlink) with its current environment and called arguments with the user id that LPRng is running as. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:060 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0136 Posted automatically by aru (mdksec2mub v0.0.6) Link to comment Share on other sites More sharing options...
Recommended Posts