* Karol Wiesek <karol@xxxxxxxxx> [2006-08-05 00:49:34 +0200]:
> I've found only mandriva has suitable setuid binary
>
> details -> http://karol.wiesek.pl/files/lesstif-advisory.pdf
You don't indicate which version of mtink is installed or, rather, which
version of printer-utils is installed. The issue might be a two-parter,
but the mtink root shell issue was resolved last December with a
printer-utils update as noted in the changelog of the printer-utils
package:
* Thu Dec 29 2005 Stew Benedict <sbenedict@xxxxxxxxxxxx> 2006-7.1.20060mdk
- security update for local root vuln in mtink (P103)
If you were not using this version then yes, the advisory would
probably work as indicated. As a result, with the updated printer-utils
package, you get a "/etc/ld.so.preload: Permission denied" error.
So you really should say that Mandriva has a suitable *unpatched* setuid
binary (not so suitable when you install a nine-month-old update).
--
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)
Attachment:
pgpUsIawy2kS6.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/