search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Solaris conv_fix insecure file handling vulnerability

Vulnerability Note VU#412566

Original Release Date: 2004-03-04 | Last Revised: 2004-03-04


A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system.


The Solaris operating system from Sun Microsystems includes a number of supplemental programs to aid in configuration and maintenance of the printing subsystem. One of these programs, /usr/lib/print/conv_fix (which is invoked from the /usr/lib/print/conv_lpd shell script), operates on files in an insecure manner. An attacker can create a file containing data of their choosing that would later be processed by conv_fix. The attacker can then cause their data to be written out to any file on the system if the conv_lpd script is executed as root.


An attacker with local access may be able to overwrite or create any file on the system if the conv_lpd program is run by root. Depending on which file was created or overwritten, this could allow the attacker to gain elevated privileges or a cause a denial-of-service against the system.


Apply a patch from the vendor

Patches have been released to address this issue. Please see the Systems Affected section of this document for more details.

Vendor Information


Sun Microsystems Inc. Affected

Updated:  March 04, 2004



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Sun Microsystems, Inc. has published Sun Security Alert 57509 in response to this issue. Users are encouraged to review this alert and apply the patches it refers to.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Thanks to Sun Microsystems, Inc. for reporting this vulnerability.

This document was written by Chad R Dougherty.

Other Information

CVE IDs: None
Severity Metric: 0.96
Date Public: 2004-02-26
Date First Published: 2004-03-04
Date Last Updated: 2004-03-04 19:14 UTC
Document Revision: 12

Sponsored by CISA.