NetWinder.org - NetWinder security advisory Page

NAVIGATION

About
News
Support

Downloads
- Search
- Mirrors
- Auto update

Documentation
- FAQ
- HOWTOs
- ARM info
- Crusoe info

Development
- Toolchain
- Autobuild
- Users

Sponsored by:

NetWinder security advisory

ID	2000-004
Issued	2000-Mar-09
Updated	2000-Apr-11
Package	printtool
Summary	Password compromise in printtool
Category	Design error
Severity	Low
Products	Developer dm-3.1-15 and earlier
	OfficeServer is _not_ affected.

DESCRIPTION

The "printtool" package stores the passwords for shared network printers in a world-readable configuration file. When "printtool" is used to configure a shared network printer, it stores the settings a world-readable file, eg. "/var/spool/lpd/lp/.config". Any user on the system is able to read the password directly from this config file.

SOLUTION

This problem requires redesign of the way "printtool" stores its configuration data, particularly passwords. The "printtool" package is developed and maintained by RedHat. There is no word on when an updated version may become available.

In the meantime, avoid using sensitive passwords for shared printers.

REFERENCES

BugTraq (Sheshep ankh Dubhe) http://www.securityfocus.com/vdb/bottom.html?vid=1037