LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| astart_technologies | lprng | 3.6.11 |
| astart_technologies | lprng | 3.6.2 |
| astart_technologies | lprng | 3.6.6 |
| astart_technologies | lprng | 3.6.4 |
| astart_technologies | lprng | 3.6.5 |
| astart_technologies | lprng | 3.6.8 |
| astart_technologies | lprng | 3.6.15 |
| astart_technologies | lprng | 3.6.12 |
| astart_technologies | lprng | 3.6.14 |
| astart_technologies | lprng | 3.6.1 |
| astart_technologies | lprng | 3.6.3 |
| astart_technologies | lprng | 3.6.10 |
| astart_technologies | lprng | 3.6.7 |
| astart_technologies | lprng | 3.6.13 |
| astart_technologies | lprng | 3.6.9 |
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| astart_technologies | lprng | 3.7.4 |
| astart_technologies | lprng | 3.8.9 |
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| astart_technologies | lprng | 3.8.10.1 |
| astart_technologies | lprng | 3.8.19 |
| astart_technologies | lprng | 3.7.4 |
| astart_technologies | lprng | 3.8.9 |