|
DESCRIPTION The "printtool" package stores the passwords for shared network printers in a world-readable configuration file. When "printtool" is used to configure a shared network printer, it stores the settings a world-readable file, eg. "/var/spool/lpd/lp/.config". Any user on the system is able to read the password directly from this config file. SOLUTION This problem requires redesign of the way "printtool" stores its configuration data, particularly passwords. The "printtool" package is developed and maintained by RedHat. There is no word on when an updated version may become available. In the meantime, avoid using sensitive passwords for shared printers. REFERENCES BugTraq (Sheshep ankh Dubhe) http://www.securityfocus.com/vdb/bottom.html?vid=1037 |