Red Hat Bugzilla – Bug 88800
LPRng contains symlink bug in psbanner
Last modified: 2007-11-30 17:06:52 EST
A vulnerability has been found in psbanner, which creates a temporary file
with a known filename in an insecure manner. An attacker could create a
symbolic link and cause arbitrary files to be written as the 'lp' user.
Note: psbanner is not used by the default Red Hat Linux LPRng configuration.
This is RHSA-2003:142, CAN-2003-0136
Apologies, that should be RHSA-2003:150
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.