Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability 3

2001-07-10T00:00:00
ID EDB-ID:21001
Type exploitdb
Reporter ml85p
Modified 2001-07-10T00:00:00

Description

Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (3). CVE-2001-1177. Local exploit for hardware platform

                                        
                                            source: http://www.securityfocus.com/bid/3008/info
  
ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript.
  
ml85p does not check for symbolic links when creating image output files.
  
These files are created in /tmp with a guessable naming format, making it trivial for attackers to exploit this vulnerability.
  
Since user-supplied data is written to the target file, attackers may be able to elevate privileges.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/21001.tar.gz