Bugtraq mailing list archives

Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor

From: bknotts () SLAPPY ORG (Brian Knotts)
Date: Mon, 13 Mar 2000 11:28:50 -0800


On 08-Mar-2000 Sheshep ankh Dubhe wrote:

[ Hackerslab bug_paper ] Linux printtool get printer password

File : /usr/bin/printtool

SYSTEM : Linux

INFO :

If make printer configuration by printtool package, It make vule config file.
Config file perrmission is "-rw-r--r-- root root".
If use samba network printer, password stored in config file.

Tested platform : RedHat 6.1 - 6.2B
printtool-3.41-2
printtool-3.42-3ac
printtool-3.43-1


I fixed my /usr/bin/printtool (v. 3.41) with:

2302a2303,2307

#
#   set the .config permissions to something sane
#
    catch {exec chown root.lp $smb_config}
    catch {exec chmod 600 $smb_config}

2465a2471,2475

#
#   set the .config permissions to something sane
#
    catch {exec chown root.lp $ncp_config}
    catch {exec chmod 600 $ncp_config}


Seems to work.

--
--------------------------------------------------------------------------------
Brian Knotts                                                  bknotts () slappy org

Current thread:

Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerabilty), (continued)
- - - Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerabilty) Bjarni R. Einarsson (Mar 20)
    - Microsoft Security Bulletin (MS00-018 Microsoft Product Security (Mar 20)
    - Re: a few bugs ... Coke (Mar 20)
    - Re: a few bugs ... Daniel Jacobowitz (Mar 20)
    - Re: a few bugs ... Michal Zalewski (Mar 20)
    - DoS with NAVIEG PAUL VanDyke (Mar 17)
    - [ANNOUNCE] strace for NT tsabin () RAZOR BINDVIEW COM (Mar 13)
    - Linux patch for blocking buffer overflow based attacks massimo () IAC RM CNR IT (Mar 10)
    - ICQ remote DoS Philip Stoev (Mar 10)
  - TESO advisory -- atsadc krahmer () CS UNI-POTSDAM DE (Mar 11)
  - Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor Brian Knotts (Mar 13)
- Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Jason Lutz (Mar 09)
  - Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Chris Paget (Mar 17)
  - SQL Server Vulnerability details Chip Andrews (Mar 18)
- Re: PGP Signatures security BUG! Florian Weimer (Mar 10)
  - Re: PGP Signatures security BUG! Will Price (Mar 20)
  - Esafe Protect Gateway (CVP) does not scan virus under some conditions Hugo.van.der.Kooij () CAIW NL (Mar 21)
    - Re: Esafe Protect Gateway (CVP) does not scan virus under some conditions Alon Rotem (Mar 24)
  - Security bug in Apache project: Jakarta Tomcat Jan Madsen (Mar 21)
  - [TL-Security-Announce] nmh-1.0.2 and earlier TLSA200008-1 Katie Moussouris (Mar 21)
- New Solaris Vulnerability Calculator, Sun Mailing list, and Sun Focus area from SecurityFocus.com Jeremy Rauch (Mar 13)

(Thread continues...)