apsfilter LPD User Execution Vulnerability

A vulnerability exists in some versions of the apsfilter program. Apsfilter is a program designed to allow easy printing of a wide variety of different file formats, without needing to convert file types. Versions of apsfilter prior to version 5.4.1 contained a vulnerability that would allow local users to execute commands with the privilege of the user the LP daemon runs as. On many systems, this is root.

Apsfilter runs on a wide variety of Unix systems. This vulnerability was discovered in the FreeBSD ports version of apsfilter. It is not installed by default on FreeBSD.


Privacy Statement
Copyright 2010, SecurityFocus