Rapid7 Vulnerability & Exploit Database

RHSA-2001:112: Printing exposes system files to reading.

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 09/24/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

When used in a spooling environment, it is inappropriate to allow programs to read arbitrary files as a result of print requests. Ghostscript, a PostScript interpreter, can read arbitrary system files with the same permissions as the print spooler, potentially exposing the system to an information compromise.

Ghostscript, a PostScript interpreter, possesses various 'file', 'run', etc., commands internally. It also provides a -dSAFER flag to restrict the use of those commands. However, the -dSAFER flag is meant to protect a user from malicious PostScript, not to protect a system from inappropriate snooping by a user, and so it is still possible to _read_ files in SAFER mode. In a print spooling context, even reading arbitrary files is dangerous, and so this needs to be disabled in that context. [UPDATE]: Previous versions of this erratum used the packages rhs-printfilters-1.46-6, rhs-printfilters-1.63-2.rh6.2, rhs-printfilters-1.63-2.rh6.2j, rhs-printfilters-1.81-2.rh7.0, and rhs-printfilters-1.81-2.rh7.0j. These caused spools to break upon upgrade, though they could easily be fixed by editing the spools with printtool. The updated versions of the erratum packages address this bug.

Solution(s)

  • redhat-upgrade-ghostscript
  • redhat-upgrade-printconf
  • redhat-upgrade-printconf-gui
  • redhat-upgrade-printtool
  • redhat-upgrade-rhs-printfilters
