header-logo
Suggest Exploit
vendor:
ML-85G series printers
by:
SecurityFocus
7.2
CVSS
HIGH
Symbolic Link Vulnerability
59
CWE
Product Name: ML-85G series printers
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2002

ml85p Driver Symbolic Link Vulnerability

ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image output files. These files are created in /tmp with a guessable naming format, making it trivial for attackers to exploit this vulnerability. Since user-supplied data is written to the target file, attackers may be able to elevate privileges.

Mitigation:

Ensure that ml85p is not installed on the system and that the system is not vulnerable to this type of attack.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3008/info
  
ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript.
  
ml85p does not check for symbolic links when creating image output files.
  
These files are created in /tmp with a guessable naming format, making it trivial for attackers to exploit this vulnerability.
  
Since user-supplied data is written to the target file, attackers may be able to elevate privileges.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21001.tar.gz

Navigation

Suggest Exploit

Services By CQR