Summary
The remote host is missing an update to lprng announced via advisory DSA 285-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20285-1
Insight
Karol Lewandowski discovered that psbanner, a printer filter that creates a PostScript format banner and is part of LPRng, insecurely creates a temporary file for debugging purposes when it is configured as a filter. The program does not check whether this file already exists or is linked to another place, and it writes its current environment and called arguments to the file unconditionally with the user id daemon.
For the stable distribution (woody) this problem has been fixed in version 3.8.10-1.2.
The old stable distribution (potato) is not affected by this problem.
For the unstable distribution (sid) this problem has been fixed in version 3.8.20-4.
We recommend that you upgrade your lprng package.
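The flaw described above is the classic unchecked debug-file write. The following C sketch is an added example, not code from LPRng or the advisory; the function names, scratch paths and messages are assumptions. It contrasts the unchecked pattern with exclusive creation and measures the effect on a file that a pre-existing symlink points to.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not psbanner's source.
 * Pattern the advisory describes: fopen("w") follows a symlink that already
 * sits at the path and truncates whatever it points to. */
int write_debug_unsafe(const char *path, const char *msg)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs(msg, fp);
    return fclose(fp) == 0 ? 0 : -1;
}

/* Hardened: O_CREAT|O_EXCL fails if the name exists in any form (a symlink
 * counts, even a dangling one); 0600 keeps the dumped environment private. */
int write_debug_safe(const char *path, const char *msg)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    return (close(fd) == 0 && n == (ssize_t)strlen(msg)) ? 0 : -1;
}

/* In a private scratch directory (constructed paths), pre-create a symlink at
 * the debug path, run the writer, and return the link target's final size. */
long target_size_after(int (*writer)(const char *, const char *))
{
    char dir[] = "/tmp/dbgdemoXXXXXX", target[64], dbg[64];
    struct stat st;
    long size = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(dbg, sizeof dbg, "%s/debug.log", dir);
    if (write_debug_safe(target, "important\n") == 0 && symlink(target, dbg) == 0) {
        writer(dbg, "env dump\n");          /* return value is irrelevant here */
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    unlink(dbg); unlink(target); rmdir(dir);
    return size;
}
```

With the unchecked writer the 10-byte target is replaced by the 9-byte debug message; with exclusive creation the open is refused and the target keeps its 10 bytes.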
Severity
Classification
- CVE: CVE-2003-0136
- CVSS Base Score: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Debian Security Advisory DSA 2650-2 (libvirt - files and device nodes ownership change to kvm group)
- Debian Security Advisory DSA 1256-1 (gtk+2.0)
- Debian Security Advisory DSA 2661-1 (xorg-server - information disclosure)
- Debian Security Advisory DSA 2590-1 (wireshark - several vulnerabilities)
- Debian Security Advisory DSA 202-2 (im)