4879768 2000-03-09  11:16  /36 lines/ Brevbäraren (som är implementerad i) Python
Recipient: Bugtraq (import) <10176>
Subject: [ Hackerslab bug_paper ] Linux printtool get printer password
------------------------------------------------------------
[ Hackerslab bug_paper ] Linux printtool get printer password

File : /usr/bin/printtool

SYSTEM : Linux

INFO :

If you make a printer configuration with the printtool package, it
makes a vulnerable config file.  The config file permission is
"-rw-r--r-- root root".  If you use a Samba network printer, the
password is stored in the config file.

Tested platform : RedHat 6.1 - 6.2B
printtool-3.41-2
printtool-3.42-3ac
printtool-3.43-1

[dubhe@duat dubhe]$ ls -lsa /var/spool/lpd/lp/.config
   1 -rw-r--r--   1 root     root           96 Mar  6 13:21 /var/spool/lpd/lp/.config
[dubhe@duat dubhe]$ cat /var/spool/lpd/lp/.config
share='\\xxxxx\HP'
hostip=xxx.xxx.xxx.xxx
user='username'
password='1111'
workgroup='xxxxxxxx'

 Now to fix
------------

chmod o-r /var/spool/lpd/lp/.config
chgrp lp /var/spool/lpd/lp/.config

- Kyong-won, Cho -
e-mail : dubhe@hackerslab.org dubhe@duat.dhs.org
(4879768) ------------------------------------------(Reflowed)
Comment in text 4889055 by Brevbäraren (som är implementerad i) Python
4889055 2000-03-12  02:23  /21 lines/ Brevbäraren (som är implementerad i) Python
Recipient: Bugtraq (import) <10194>
Comment on text 4879768 by Brevbäraren (som är implementerad i) Python
Subject: Re: [ Hackerslab bug_paper ] Linux printtool get printer password
------------------------------------------------------------
Hi,

> [ Hackerslab bug_paper ] Linux printtool get printer password
>
> File : /usr/bin/printtool
>
> SYSTEM : Linux
Ehemm.. It's a RedHat-specific bug, not a Linux bug.
Redhat != Linux.
The printtool package is also available for Debian GNU/Linux, but
it isn't vulnerable. On Debian systems /var/spool/lpd/lp/.config is
owned by daemon.lp with permission 600.

Regards,
Tuomas Jormola <tj@sgic.fi>
--
Windows NT crashed.
I am the Blue Screen of Death.
No one hears your screams
(4889055) ------------------------------------------

4901632 2000-03-15  02:19  /40 lines/ Brevbäraren (som är implementerad i) Python
Recipient: Bugtraq (import) <10213>
Comment on text 4879768 by Brevbäraren (som är implementerad i) Python
Subject: Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor
------------------------------------------------------------
On 08-Mar-2000 Sheshep ankh Dubhe wrote:
> [ Hackerslab bug_paper ] Linux printtool get printer password
>
> File : /usr/bin/printtool
>
> SYSTEM : Linux
>
> INFO :
>
> If you make a printer configuration with the printtool package, it makes a vulnerable config file.
> The config file permission is "-rw-r--r-- root root".
> If you use a Samba network printer, the password is stored in the config file.
>
> Tested platform : RedHat 6.1 - 6.2B
> printtool-3.41-2
> printtool-3.42-3ac
> printtool-3.43-1

I fixed my /usr/bin/printtool (v. 3.41) with:

2302a2303,2307
> #
> #   set the .config permissions to something sane
> #
>     catch {exec chown root.lp $smb_config}
>     catch {exec chmod 600 $smb_config}
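Review bot: In the two `$smb_config` lines, `chmod 600` gives the `lp` group set by `chown root.lp` no access at all, so the group change has no effect; if the print filter is meant to read the file as group `lp`, the mode should be 640, otherwise the group can be left out. Both commands are also wrapped in a bare `catch`, so a failed chmod leaves the file at its old mode with no warning; capturing the error (`catch {...} err`) and reporting it would make that visible. `root:lp` is the preferred separator over `root.lp`.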
2465a2471,2475
> #
> #   set the .config permissions to something sane
> #
>     catch {exec chown root.lp $ncp_config}
>     catch {exec chmod 600 $ncp_config}
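Review bot: The `$ncp_config` block repeats the `$smb_config` block line for line; a small proc that takes the path would keep the two from drifting apart. The chown and chmod are also applied to a file that already exists at this point, so between its creation and this `chmod` it carries whatever mode the umask gave it; setting a restrictive umask before the file is written would close that gap.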

Seems to work.

--
--------------------------------------------------------------------------------
Brian Knotts                                                  bknotts@slappy.org
(4901632) ------------------------------------------
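
An audit for the exposure discussed in this thread, as an added example that is not part of any of the posted messages or of printtool: it lists `.config` files under a spool directory that are readable by "other" and contain a `password=` line, and can strip other-access from them. The function names and the default search root of /var/spool/lpd are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit printtool-style .config files.
# Function names and the default search root are assumptions.

# List .config files under $1 that "other" can read and that hold a
# password= line. Only paths are printed, never the stored value.
find_exposed_configs() {
    spool=${1:-/var/spool/lpd}
    find "$spool" -type f -name .config -perm -004 2>/dev/null |
    while IFS= read -r f; do
        if grep -q '^[[:space:]]*password=' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Remove every permission bit for "other" on each exposed file and print
# what was changed. Group ownership is left alone (chgrp needs root).
harden_exposed_configs() {
    find_exposed_configs "$1" |
    while IFS= read -r f; do
        if chmod o-rwx "$f"; then
            printf 'tightened %s\n' "$f"
        else
            printf 'FAILED %s\n' "$f" >&2
        fi
    done
}

# Usage: find_exposed_configs /var/spool/lpd
#        harden_exposed_configs /var/spool/lpd
```

Files without a `password=` line are left untouched, so local printer queues keep their existing mode.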