Bug 53784 - Possible security problem with LPRng 3.7.5 and 3.7.6
Status: CLOSED NOTABUG
Product: Red Hat Raw Hide
Classification: Retired
Component: LPRng
Version: 1.0
Hardware: i386 Linux
Priority: medium Severity: medium
Assigned To: Tim Waugh
QA Contact: Brock Organ
Keywords: Security

Reported: 2001-09-18 12:37 EDT by Pekka Savola
Modified: 2007-04-18 12:37 EDT (History)
Doc Type: Bug Fix
Last Closed: 2002-01-07 12:11:38 EST
Description Pekka Savola 2001-09-18 12:37:39 EDT
I don't think that RH ever released 3.7.5 or 3.7.6 (rather, patched 3.7.4), but as there might have 
been some patches to the code, better safe than sorry...

--8<--

Date: Tue, 18 Sep 2001 07:06:41 -0700 (PDT)
From: User Papowell <papowell@astart.com>
Reply-To: lprng@lprng.com
To: lprng@lprng.com
Subject: LPRng: LPRng 3.7.7 + Security Bulletin

Please do not use LPRng 3.7.5, 3.7.6.  There is a possible
security problem with them.

Details:

  In fixing a problem with 'additional groups' I wrote a routine
that got the group for use when running as a server and then set
the group and additional groups.  This 'setgroup' should be done
ONLY for 'lpd'.  The code that is in 3.7.5 and 3.7.6 does it for
lpq and lpr as well.

There is a possibility that by using this users could access files
for which the lpd user ('daemon' by default and 'lp' on most
RedHat RPM installations) could read files which had group ownership
'daemon' (or lp).

Patrick ("Doh! I knew that! Dumb! Dumb!") Powell
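
The rule stated in the bulletin (only lpd may take on the server's group set), shown as an added example that is not part of the original report and is not LPRng's code. The role enum, both function names and the gid value are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes initgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical role tag: which program of the print suite is running. */
enum role { ROLE_LPD, ROLE_LPR, ROLE_LPQ };

/* Take on the server account's primary and supplementary groups.
 * Clients are refused before any credential call is made. */
int adopt_server_groups(enum role r, const char *server_user, gid_t server_gid)
{
    if (r != ROLE_LPD) {
        errno = EPERM;
        return -1;
    }
    if (initgroups(server_user, server_gid) != 0) return -1;
    if (setgid(server_gid) != 0) return -1;
    return 0;
}

/* Audit helper: 1 if this process holds gid as its effective or a
 * supplementary group, 0 if it does not, -1 on error. */
int holds_gid(gid_t gid)
{
    if (getegid() == gid) return 1;
    int n = getgroups(0, NULL);
    if (n <= 0) return n;            /* 0 = no extra groups, -1 = error */
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL) return -1;
    int found = 0;
    n = getgroups(n, list);
    for (int i = 0; i < n; i++)
        if (list[i] == gid) found = 1;
    free(list);
    return n < 0 ? -1 : found;
}

int main(void)
{
    gid_t spool_gid = 7;   /* constructed stand-in for the lp/daemon gid */
    int rc = adopt_server_groups(ROLE_LPQ, "lp", spool_gid);
    printf("lpq adopt: %d, holds spool gid: %d\n", rc, holds_gid(spool_gid));
    return 0;
}
```
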
Comment 1 Tim Waugh 2002-01-21 05:56:45 EST
Indeed, we have only shipped 3.7.4+patches, and not 3.7.5 or later.  Thanks 
for letting us know about this though.
