Note: This is an archival copy of Security Sun Alert 200273 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000212.1.
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Resolved Release
The "/usr/lib/print/conv_fix" command is invoked by the conv_lpd(1M) script and contains a security vulnerability. If the conv_lpd(1M) script is executed as the "root" user, it may be possible for unprivileged local users to exploit this vulnerability to overwrite or create any file on the system. This could lead to unauthorized elevated privileges or allow a Denial of Service (DoS) against the system.
This issue can occur in the following releases:
There are no reliable symptoms that would indicate the described issue has been exploited, as it depends on which file is overwritten or created.
To work around the described issue, run conv_lpd(1M) as a non-root user.
This issue is addressed in the following releases:
This solution has no attachment