VULHUB ™

The lpr packages that ship with RedHat Linux releases 4.x to 6.1 contain vulnerabilities which may allow printing of files for which read access is not allowed. The first of the two problems is a race condition that can be exploited between the access checking and the opening of the file. The second is a symlink attack that could also be used to print files that normally cannot be read by a regular user (through lpr -s).

The lpr packages that ship with RedHat Linux releases 4.x to 6.1 contain vulnerabilities which may allow printing of files for which read access is not allowed. The first of the two problems is a race condition that can be exploited between the access checking and the opening of the file. The second is a symlink attack that could also be used to print files that normally cannot be read by a regular user (through lpr -s).