BSD lpr Print Arbitrary Privileged File

1987-04-10T00:00:00
ID OSVDB:1411
Type osvdb
Reporter Charles Hedrick
Modified 1987-04-10T00:00:00

Description

Vulnerability Description

Operating systems based on 4.3 BSD whose kernels were reorganized to accommodate the Network File System (NFS), specifically SunOS and Pyramid, contain a flaw that may lead to unauthorized information disclosure. The issue is triggered when a malicious user causes lpr to print an arbitrary privileged file, resulting in a loss of confidentiality.

Technical Description

The access system call used by lpr calls only iaccess on the file's inode to verify that the protection of the file is acceptable. It fails to check the protection of the directory.
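
A toy model of the check described above, added here as an illustration and not taken from the original report or from any BSD, SunOS or Pyramid source. The inode table, uid 100 and the function names access_inode_only and access_full_walk are constructed for the example, and group permission bits are left out.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy inode table: path, owner uid, permission bits. */
struct node { const char *path; int uid; int mode; };
static const struct node tree[] = {
    { "/",              0, 0755 },
    { "/private",       0, 0700 },  /* only the owner may search this directory */
    { "/private/notes", 0, 0644 },  /* the file's own bits allow world read */
    { "/pub",           0, 0755 },
    { "/pub/readme",    0, 0644 },
};

static const struct node *lookup(const char *p, size_t n) {
    for (size_t i = 0; i < sizeof tree / sizeof tree[0]; i++)
        if (strlen(tree[i].path) == n && memcmp(tree[i].path, p, n) == 0)
            return &tree[i];
    return NULL;
}

/* Permission test on one inode; want is 4 (read) or 1 (search). */
static int inode_ok(const struct node *nd, int uid, int want) {
    if (uid == 0) return 1;                              /* superuser */
    int bits = (uid == nd->uid) ? (nd->mode >> 6) : nd->mode;
    return (bits & want) == want;
}

/* Flawed form: looks only at the final inode, as the advisory describes. */
int access_inode_only(const char *path, int uid) {
    const struct node *nd = lookup(path, strlen(path));
    return nd && inode_ok(nd, uid, 4);
}

/* Corrected form: also requires search permission on every directory. */
int access_full_walk(const char *path, int uid) {
    size_t len = strlen(path);
    for (size_t i = 0; i < len; i++) {
        if (path[i] != '/') continue;
        const struct node *dir = lookup(path, i ? i : 1);  /* "/" is 1 byte */
        if (!dir || !inode_ok(dir, uid, 1)) return 0;
    }
    return access_inode_only(path, uid);
}

int main(void) {
    printf("inode only: %d\n", access_inode_only("/private/notes", 100));
    printf("full walk:  %d\n", access_full_walk("/private/notes", 100));
    return 0;
}
```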

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Mail List Post: http://securitydigest.org/unix/archive/034