|
Printtool Printer Share Password Compromise Vulnerability
printtool is an X11 printer configuration tool shipped with RedHat Linux and possibly other linux distributions. When configuring a printer with printtool, the permissions of the config file are set world-readable. This is shown by an example in a bugtraq post regarding this vulnerability: [dubhe@duat dubhe]$ ls -lsa /var/spool/lpd/lp/.config 1 -rw-r--r-- 1 root root 96 Mar 6 13:21 /var/spool/lpd/lp/.config It is possible to obtain the printer share password since it is stored in this world-readable file: [dubhe@duat dubhe]$ cat /var/spool/lpd/lp/.config share='\\xxxxx\HP' hostip=xxx.xxx.xxx.xxx user='username' password='1111' workgroup='xxxxxxxx' |
|
|
Privacy Statement |
