Printtool Printer Share Password Compromise Vulnerability

printtool is an X11 printer configuration tool shipped with Red Hat Linux and possibly other Linux distributions. When a printer is configured with printtool, the configuration file is created world-readable. A Bugtraq post about this vulnerability shows an example:

[dubhe@duat dubhe]$ ls -lsa /var/spool/lpd/lp/.config
1 -rw-r--r-- 1 root root 96 Mar 6 13:21 /var/spool/lpd/lp/.config

It is possible to obtain the printer share password since it is stored in this world-readable file:

[dubhe@duat dubhe]$ cat /var/spool/lpd/lp/.config
share='\\xxxxx\HP'
hostip=xxx.xxx.xxx.xxx
user='username'
password='1111'
workgroup='xxxxxxxx'
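
An audit check for the condition shown above, added here as an example (it is not part of the original advisory or of printtool). It assumes queue configuration files are named .config under a spool root such as /var/spool/lpd; audit_spool and make_sample are names chosen for this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: find printtool-style queue configs that expose a share password.
# Assumption: each queue keeps its settings in <spool root>/<queue>/.config.

# audit_spool ROOT
# Prints one line per .config file that is readable by "other" and holds a
# password= entry. The password value itself is never printed.
# Returns 1 if at least one exposed file was found, 0 otherwise.
audit_spool() {
    root=${1:-/var/spool/lpd}
    # -perm -004 selects files whose world-read bit is set;
    # grep -l narrows that to files that actually store a password.
    hits=$(find "$root" -type f -name .config -perm -004 \
               -exec grep -l '^[[:space:]]*password=' {} + 2>/dev/null || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        printf 'EXPOSED %s mode=%s\n' "$f" "$(ls -ld "$f" | cut -c1-10)"
    done
    return 1
}

# make_sample DIR
# Builds a constructed spool tree for demonstration:
#   lp   world-readable, contains a password  (should be reported)
#   lp2  mode 0600, contains a password       (should not be reported)
#   lp3  world-readable, no password entry    (should not be reported)
make_sample() {
    mkdir -p "$1/lp" "$1/lp2" "$1/lp3"
    printf "user='username'\npassword='1111'\n" > "$1/lp/.config"
    printf "user='username'\npassword='2222'\n" > "$1/lp2/.config"
    printf "user='username'\n" > "$1/lp3/.config"
    chmod 644 "$1/lp/.config" "$1/lp3/.config"
    chmod 600 "$1/lp2/.config"
}

# Run "sh thisfile --demo" to see the check against the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    make_sample "$demo"
    audit_spool "$demo" || echo "exposed share credentials found"
    rm -rf "$demo"
fi
```

On a real host, call audit_spool with the spool root to audit; a non-zero return means at least one queue's share credentials are readable by every local account.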


 

Copyright 2010, SecurityFocus