ID CVE-2003-0136
Summary psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
References
Vulnerable Configurations
  • cpe:2.3:o:astart_technologies:lprng:3.7.4:*:*:*:*:*:*:*
    cpe:2.3:o:astart_technologies:lprng:3.7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:astart_technologies:lprng:3.8.9:*:*:*:*:*:*:*
    cpe:2.3:o:astart_technologies:lprng:3.8.9:*:*:*:*:*:*:*
  • cpe:2.3:o:astart_technologies:lprng:3.8.10.1:*:*:*:*:*:*:*
    cpe:2.3:o:astart_technologies:lprng:3.8.10.1:*:*:*:*:*:*:*
  • cpe:2.3:o:astart_technologies:lprng:3.8.19:*:*:*:*:*:*:*
    cpe:2.3:o:astart_technologies:lprng:3.8.19:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
oval via4
accepted 2010-09-20T04:00:24.159-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
family unix
id oval:org.mitre.oval:def:423
status accepted
submitted 2003-08-17T12:00:00.000-04:00
title LPRng Symbolic Link Attack Vulnerability
version 38
redhat via4
advisories
rhsa
id RHSA-2003:142
refmap via4
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366
debian DSA-285
Last major update 11-10-2017 - 01:29
Published 05-05-2003 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top