On 2/2/07, Grzegorz Żur <[EMAIL PROTECTED]> wrote:
Package: cups-pdf
Version: 2.4.2-1
Severity: critical
Justification: root security hole
Tags: security

An unprivileged user can execute /usr/lib/cups/backend/cups-pdf to read
parts of any file. The end of the file is printed by Ghostscript in its
error report.

Execution of this command as an unprivileged user

    /usr/lib/cups/backend/cups-pdf shadow user title 1 '' /etc/shadow

will result in a Ghostscript error showing the last line of the /etc/shadow
file (possibly containing a password hash):

    ERROR: /undefined in saned:!:13511:0:99999:7:::

Upstream is subscribed to this package's PTS, so I'll let him comment
on this one.
--
Martin-Éric Racine
http://q-funk.iki.fi
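
Added example, not part of either message and not code from cups-pdf or CUPS: a permission audit for the backend directory named in the report. It assumes, which the report does not state, that the exposure depends on the backend carrying a set-id bit while being executable by group or others; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed audit, not taken from cups-pdf or CUPS.
# Assumption: a backend is exposed when it carries a set-id bit and is
# executable by group or others, so any local user can start it with
# elevated privileges and pass it a file path of their choosing.

# risky_backends [DIR]: print each regular file in DIR matching that pattern.
risky_backends() {
    dir=${1:-/usr/lib/cups/backend}
    find "$dir" -maxdepth 1 -type f \
        \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0010 -o -perm -0001 \) -print | sort
}

# audit_backends [DIR]: report findings; exit status 1 if any were found.
audit_backends() {
    hits=$(risky_backends "$1")
    if [ -n "$hits" ]; then
        printf 'set-id backend runnable by unprivileged users:\n%s\n' "$hits"
        return 1
    fi
    printf 'no set-id backends runnable by unprivileged users in %s\n' \
        "${1:-/usr/lib/cups/backend}"
    return 0
}
```

Run `audit_backends /usr/lib/cups/backend` on the host being checked; a non-zero status means at least one file needs its mode reviewed.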