Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: a6149.htm

lprng insecure temporary file creation



16th Apr 2003 [SBWID-6149]
COMMAND

	lprng insecure temporary file creation

SYSTEMS AFFECTED

	version lprng_3.8.10

PROBLEM

	In Debian Security Advisory DSA 285-1  [http://www.debian.org/security/]
	:
	
	Karol Lewandowski  discovered  that  psbanner,  a  printer  filter  that
	creates a PostScript format banner and  is  part  of  LPRng,  insecurely
	creates a temporary file for debugging purpose when it is configured  as
	filter. The program does not check whether this file already  exists  or
	is linked to another place writes its  current  environment  and  called
	arguments to the file unconditionally with the user id daemon.

SOLUTION

	upgrade to latest version


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH