Vulnerability Note VU#412566

Solaris conv_fix insecure file handling vulnerability

Original Release date: 04 Mar 2004 | Last revised: 04 Mar 2004

Overview

A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system.

Description

The Solaris operating system from Sun Microsystems includes a number of supplemental programs to aid in configuration and maintenance of the printing subsystem. One of these programs, /usr/lib/print/conv_fix (which is invoked from the /usr/lib/print/conv_lpd shell script), operates on files in an insecure manner. An attacker can create a file containing data of their choosing that would later be processed by conv_fix. The attacker can then cause their data to be written out to any file on the system if the conv_lpd script is executed as root.

Impact

An attacker with local access may be able to overwrite or create any file on the system if the conv_lpd program is run by root. Depending on which file was created or overwritten, this could allow the attacker to gain elevated privileges or a cause a denial-of-service against the system.

Solution

Apply a patch from the vendor

Patches have been released to address this issue. Please see the Systems Affected section of this document for more details.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Sun Microsystems Inc.Affected-04 Mar 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Sun Microsystems, Inc. for reporting this vulnerability.

This document was written by Chad R Dougherty.

Other Information

  • CVE IDs: Unknown
  • Date Public: 26 Feb 2004
  • Date First Published: 04 Mar 2004
  • Date Last Updated: 04 Mar 2004
  • Severity Metric: 0.96
  • Document Revision: 9

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.