Overview
A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system.
Description
The Solaris operating system from Sun Microsystems includes a number of supplemental programs to aid in configuration and maintenance of the printing subsystem. One of these programs, /usr/lib/print/conv_fix (which is invoked from the /usr/lib/print/conv_lpd shell script), operates on files in an insecure manner. An attacker can create a file containing data of their choosing that would later be processed by conv_fix. The attacker can then cause their data to be written out to any file on the system if the conv_lpd script is executed as root.
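The class of weakness described above is a privileged helper that writes output derived from attacker-supplied data to a location the attacker can influence. The C code below is an added illustration of how such a helper can confine its writes; it is not code from the advisory, from Sun Microsystems, or from conv_fix, and the function names (name_is_safe, safe_write_in_dir, run_demo), the scratch directory and the sample file names are constructed for the example. The idea is to open a fixed output directory first, refuse output names that contain path separators, never follow a symbolic link at the output name, and, when an existing entry must be overwritten, inspect the opened object (regular file, owned by the caller, single link) before truncating it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept only a plain directory entry name: no separators, not "." or "..". */
int name_is_safe(const char *name)
{
    if (name == NULL || *name == '\0') return 0;
    if (strchr(name, '/') != NULL) return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    return 1;
}

/* Write len bytes of data to dir/name without following symlinks and without
 * overwriting anything that is not a regular file we own with one link.
 * Returns 0 on success, -1 on failure (errno set). */
int safe_write_in_dir(const char *dir, const char *name, const char *data, size_t len)
{
    if (!name_is_safe(name)) { errno = EINVAL; return -1; }

    /* Anchor every later operation on the directory we actually opened. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;

    /* Preferred path: create a brand-new file. O_EXCL fails with EEXIST when
     * anything (including a planted symlink) already carries this name. */
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0 && errno == EEXIST) {
        /* Something exists: open it without creating and without following a
         * symlink, then verify what we opened before truncating it. */
        fd = openat(dfd, name, O_WRONLY | O_NOFOLLOW);
        if (fd >= 0) {
            struct stat st;
            if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
                st.st_uid != geteuid() || st.st_nlink != 1 ||
                ftruncate(fd, 0) != 0) {
                close(fd); close(dfd); errno = EPERM; return -1;
            }
        }
    }
    close(dfd);
    if (fd < 0) return -1;

    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, data + off, len - off);
        if (n < 0) { if (errno == EINTR) continue; close(fd); return -1; }
        off += (size_t)n;
    }
    return close(fd) == 0 ? 0 : -1;
}

/* Exercise the helper in a scratch directory with constructed sample data.
 * Returns the number of checks that behaved as intended (4 when all pass). */
int run_demo(void)
{
    char dir[] = "/tmp/convdemo.XXXXXX";          /* constructed scratch dir */
    if (mkdtemp(dir) == NULL) return -1;
    const char *data = "constructed sample output\n";
    int passed = 0;
    char out[PATH_MAX], link[PATH_MAX];
    snprintf(out, sizeof out, "%s/converted.out", dir);
    snprintf(link, sizeof link, "%s/planted.out", dir);

    /* 1. a plain name inside the directory is created */
    if (safe_write_in_dir(dir, "converted.out", data, strlen(data)) == 0) passed++;
    /* 2. overwriting our own regular file takes the verified fallback path */
    if (safe_write_in_dir(dir, "converted.out", data, strlen(data)) == 0) passed++;
    /* 3. a name that tries to leave the directory is refused */
    if (safe_write_in_dir(dir, "../escape.out", data, strlen(data)) == -1) passed++;
    /* 4. a symlink planted under a plausible output name is not followed */
    if (symlink("/nonexistent/target", link) == 0 &&
        safe_write_in_dir(dir, "planted.out", data, strlen(data)) == -1) passed++;

    unlink(link); unlink(out); rmdir(dir);
    return passed;
}

int main(void)
{
    printf("checks passed: %d of 4\n", run_demo());
    return 0;
}
```

The directory is opened once and all file operations go through openat on that descriptor, so a later swap of the directory path for a symbolic link does not redirect the write; the fstat checks on an existing entry are what stop a hard link or a foreign-owned file from being truncated by a root-run helper.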
Impact
An attacker with local access may be able to overwrite or create any file on the system if the conv_lpd program is run by root. Depending on which file was created or overwritten, this could allow the attacker to gain elevated privileges or cause a denial of service against the system.
Solution
Apply a patch from the vendor. Patches have been released to address this issue. Please see the Systems Affected section of this document for more details.
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | | |
| Temporal | | |
| Environmental | | |
References
Acknowledgements
Thanks to Sun Microsystems, Inc. for reporting this vulnerability.
This document was written by Chad R Dougherty.
Other Information
| CVE IDs: | None |
| Severity Metric: | 0.96 |
| Date Public: | 2004-02-26 |
| Date First Published: | 2004-03-04 |
| Date Last Updated: | 2004-03-04 19:14 UTC |
| Document Revision: | 12 |