HP-UX pcltotiff Local DoS

2001-04-19T13:55:58
ID OSVDB:2188
Type osvdb
Reporter OSVDB
Modified 2001-04-19T13:55:58

Description

Vulnerability Description

The file /opt/sharedprint/bin/pcltotiff contains a flaw that allows a local denial of service. This DoS is due to pcltotiff having set group id permissions.

Solution Description

Currently there is not a patch for this issue. However, a workaround is to remove the set group id permissions from the pcltotiff file and allow read access to the file /usr/lib/X11/fonts/ifo.st/typefaces/. This can be accomplished with the commands below:

/sbin/chmod 555 /opt/sharedprint/bin/pcltotiff /sbin/chmod o+r /usr/lib/X11/fonts/ifo.st/typefaces/

Short Description

The file /opt/sharedprint/bin/pcltotiff contains a flaw that allows a local denial of service. This DoS is due to pcltotiff having set group id permissions.

References:

Vendor Specific Advisory URL ISS X-Force ID: 6447 CVE-2001-0488 Bugtraq ID: 2646