Title: SuSE LPROld Remote File Ownership Changing Vulnerability
Severity: CRITICAL
Description:
SuSE Linux is a freely available, open source implementation of the Linux Operating System, a UNIX clone. It is maintained and distributed by SuSE.
A problem with the lprold package has been discovered that could allow remote users to gain unauthorized access to system files. This could additionally result in elevated privileges on the local system.
The problem is due to a design error in lprold. Upon generating a custom-crafted malicious request, it is possible for a remote user to change the ownership of files on the local system. This can allow a remote user to change the ownership of any root-owned file to possession of a non-privileged user on the local system.
This vulnerability can only be taken advantage of if the system the attack is being launched from is listed in the /etc/hosts.equiv, or /etc/hosts.lpd file.
Affected Products:
- S.u.S.E. Linux 6.3.0
- S.u.S.E. Linux 6.3.0 alpha
- S.u.S.E. Linux 6.4.0
- S.u.S.E. Linux 6.4.0 alpha
- S.u.S.E. Linux 6.4.0 ppc
- S.u.S.E. Linux 7.0.0
- S.u.S.E. Linux 7.0.0 alpha
- S.u.S.E. Linux 7.0.0 ppc
- S.u.S.E. Linux 7.0.0 sparc
- S.u.S.E. Linux 7.1.0 alpha
- S.u.S.E. Linux 7.1.0 ppc
- S.u.S.E. Linux 7.1.0 sparc
- S.u.S.E. Linux 7.1.0 x86
- S.u.S.E. Linux 7.2.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
