KLPRFax is an LPD fax front-end that uses efax. A utility called `klprfax_filter`, which is part of the KLPRFax package, suffers from a symlink vulnerability that allows a local user to overwrite and create files with root privileges.
Credit:
The information has been provided by wang yuan and George Staikos.
Vulnerable systems:
kdeutils version 2.2-2
When klprfax_filter is used, it creates a temporary file called klprfax.filter inside the /tmp directory. This temporary file is not created safely, allowing attackers to overwrite sensitive system files.
Workaround:
Remove the suid bit from efax.
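
Safe alternatives to a fixed, predictable temporary file name in /tmp, as an added C example that is not code from KLPRFax or from the original advisory. The function names and the scratch directory are assumptions made for illustration; the self-check runs in a private directory with a constructed symlink.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed name, hardened: O_EXCL fails if the name already exists, even as a
 * dangling symlink, so a pre-planted link is never followed or written to. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it atomically.
 * tmpl must end in "XXXXXX"; it is rewritten with the name actually used. */
int create_private_temp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Constructed self-check in a private scratch directory (hypothetical paths):
 * a symlink already sits at klprfax.filter; the hardened open must refuse it
 * and must not create the link's target. Returns 0 when all checks hold. */
int selfcheck(void)
{
    char dir[] = "/tmp/klprfax-demo-XXXXXX";
    char fixed[64], target[64], tmpl[64];
    struct stat st;
    int fd, tfd, refused, untouched, priv;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(fixed, sizeof fixed, "%s/klprfax.filter", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmpl, sizeof tmpl, "%s/klprfax.XXXXXX", dir);

    fd = symlink(target, fixed) == 0 ? create_exclusive(fixed) : -2;
    refused = (fd == -1);                     /* open rejected the symlink */
    if (fd >= 0) close(fd);
    untouched = stat(target, &st) == -1;      /* link target never created */
    tfd = create_private_temp(tmpl);
    priv = tfd != -1 && fstat(tfd, &st) == 0 && (st.st_mode & 0077) == 0;
    if (tfd != -1) close(tfd);
    unlink(tmpl); unlink(fixed); unlink(target); rmdir(dir);
    return (refused && untouched && priv) ? 0 : 1;
}

int main(void) { return selfcheck(); }
```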