Vulnerability

apsfilter

Affected

apsfilter 5.4.1

Description

The following is based on a FreeBSD Security Advisory.

apsfilter is a print filter which automatically handles the conversion of various types of file into a format understood by the printer.

The apsfilter port, versions 5.4.1 and below, contains a vulnerability which allows local users to execute arbitrary commands as the user running lpd, which is user root in a default FreeBSD installation. The apsfilter software allows users to specify their own filter configurations, which are read in an insecure manner and may be used to elevate privileges.

Local users can cause arbitrary commands to be executed as root. If you have not chosen to install the apsfilter port/package, then your system is not vulnerable to this problem.

Solution

Deinstall the apsfilter port/package, if you have installed it.

For FreeBSD do one of the following:

1) Upgrade your entire ports collection and rebuild the apsfilter port.

2) Deinstall the old package and install a new package dated after the correction date, obtained from:

   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/print/apsfilter-5.4.2.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/print/apsfilter-5.4.2.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/print/apsfilter-5.4.2.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/print/apsfilter-5.4.2.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/print/apsfilter-5.4.2.tgz

3) Download a new port skeleton for the apsfilter port from:

   http://www.freebsd.org/ports/

   and use it to rebuild the port.