Info

Disclosure

Jun 07, 2000

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

APS Filter Development Team apsfilter contains a flaw that when used on FreeBSD may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when apsfilter, which uses the lpd printing daemon with a setuid of root, insecurely reads filter configurations created by a malicious user. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Upgrade to version the apsfilter package to version 5.4.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: deinstall the apsfilter port/package.

Products

APS Filter Development Team

apsfilter

5.4

FreeBSD Project	FreeBSD	3.2
		3.3
		3.4
		4.0
		5.0

References

Bugtraq ID: 1325
Generic Informational URL: http://people.freebsd.org/~andreas/apsfilter/
ISS X-Force ID: 4617
Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:22.apsfilter.asc
Mail List Post: http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html
CVE ID: 2000-0534 (see also: NVD)
Vendor URL: http://www.apsfilter.org/
http://www.freebsd.org

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

APS Filter Development Team

apsfilter

FreeBSD Project

FreeBSD

References

Credit