Synopsis
The remote host is missing a vendor-supplied security patch
Description
The remote host is missing the patch for the advisory SUSE-SA:2003:0014 (lprold).
The lprm command of the printing package lprold shipped till SUSE 7.3 contains a buffer overflow. This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root privileges.
lprold is installed as default package and has the setuid bit set.
As a temporary workaround you can disable the setuid bit of lprm by executing the following tasks as root:
- add '/usr/bin/lprm root.root 755' to /etc/permissions.local
- run 'chkstat -set /etc/permissions.local' Another way would be to just allow trusted users to run lprm by executing the following tasks as root:
- add '/usr/bin/lprm root.trusted 4750' to /etc/permissions.local
- run 'chkstat -set /etc/permissions.local'
Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update.
Solution
http://www.suse.de/security/2003_014_lprold.html
Plugin Details
File Name: suse_SA_2003_0014.nasl
Agent: unix
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
Required KB Items: Host/SuSE/rpm-list