OSVDB ID: 12564 Title: LPRng lprng_certs.sh Insecure Temporary File Arbitrary File Overwrite |
Info |
|
|
Dates |
||||
|
|
Description |
LPRng contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the lprng_certs.sh script creating temporary files insecurely, which can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running the vulnerable script. This flaw may lead to a loss of integrity. |
Classification |
Location:
Local Access Required
Attack Type: Race Condition Impact: Loss of Integrity Exploit: Exploit Unknown Disclosure: OSVDB Verified |
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. |
Products |
|
References |
|
Credit |
|
computer.org -