• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

LPRNG html2ps Remote Command Execution Vulnerability

A vulnerability has been discovered in the html2ps filter which is included in the lprng print system.

It has been reported that it is possible for a remote attacker to execute arbitrary commands. The attacker must reportedly already have access to the 'lp' (or equivalent) account to exploit this condition.

This cause of this vulnerability is that html2ps may open files using unsanitized input that may be supplied by a potentially malicious user.