Family: Red Hat Local Security Checks --> Category: infos
RHSA-2003-150: LPRng Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the LPRng packages
Detailed Explanation for this Vulnerability Test
Updated LPRng packages resolving a temporary file vulnerability are now
LPRng is a print spooler. LPRng includes a program, psbanner, that can be
used to produce Postscript banner pages to separate print jobs.
A vulnerability has been found in psbanner, which creates in an insecure
manner a temporary file with a known filename. A possible hacker could create a
symbolic link and cause arbitrary files to be written as the lp user.
Note: psbanner is not used by the default Red Hat Enterprise Linux LPRng
Users that have configured LPRng to use psbanner should install these
updated packages, which contain a patch so that psbanner does not create
the temporary file.
Solution : http://rhn.redhat.com/errata/RHSA-2003-150.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.