• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Easy Software Products LPPassWd CUPS Password File Truncation Vulnerability

Easy Software Products lppasswd is prone to a vulnerability that may let local attackers truncate the CUPS password file.

This issue occurs because the program ignores write errors. If a local attacker can fill up the drive or otherwise trigger a write error, it is possible that the operation of writing to the CUPS password file may be aborted.

The end result is that the CUPS password file may be truncated, likely causing a denial of service condition.