Bugtraq mailing list archives
Re: lpr/lpd problems
From: nlawson () statler csc calpoly edu (Nathan Lawson)
Date: Tue, 28 Feb 1995 10:48:16 -0800 (PST)
> I have heard rumors of security problems associated with the BSD-style
> lpr/lpd printing system. Does anyone know anything about this?

Sun systems (4.1.3_U1) patch # 101434-03 lpr Jumbo patch fixes:
  lpr checks real rather than effective user
  lpr -s -t can be used to remove any file in /

And of course, there's the famous old one that used creat() instead of
open(..,O_EXCL|O_CREAT). The exploit can be found in the 8lgm advisory for
lpr.

--
Nathan Lawson  | "One of the advantages of using UNIX to teach an operating
CSL 490 Admin  | systems course is the sources and documentation will easily
756-7180 @Work | fit into a students briefcase." -- John Lions (1976)
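Added example, not part of the original message and not taken from any lpr source: a small C program contrasting creat() with open(.., O_CREAT|O_EXCL) when the name to be created already exists. The temporary directory, the file names and run_scenario() are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Legacy pattern: creat() is open(path, O_WRONLY|O_CREAT|O_TRUNC, mode).
 * It succeeds on an existing name, follows symlinks and truncates the target. */
static int create_legacy(const char *path) { return creat(path, 0600); }

/* Hardened pattern: with O_EXCL the create is atomic and fails with EEXIST
 * if the name already exists, including when it is a symlink. */
static int create_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private temp dir: "data" holds 9 bytes and
 * "spool" is a pre-existing symlink to it. Creates "spool" with the chosen
 * call, stores that call's errno (0 on success) in *err, and returns the
 * size of "data" afterwards (-2 on setup failure). */
long run_scenario(int use_excl, int *err) {
    char dir[] = "/tmp/lprdemoXXXXXX", data[64], spool[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(data, sizeof data, "%s/data", dir);
    snprintf(spool, sizeof spool, "%s/spool", dir);
    int fd = create_exclusive(data);
    if (fd < 0 || write(fd, "important", 9) != 9) return -2;
    close(fd);
    if (symlink(data, spool) != 0) return -2;
    errno = 0;
    fd = use_excl ? create_exclusive(spool) : create_legacy(spool);
    *err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(data, &st) == 0 ? (long)st.st_size : -1;
    unlink(spool); unlink(data); rmdir(dir);
    return size;
}

int main(void) {
    int err;
    long size = run_scenario(0, &err);
    printf("creat():        errno=%d, data is now %ld bytes\n", err, size);
    size = run_scenario(1, &err);
    printf("O_CREAT|O_EXCL: errno=%d, data is still %ld bytes\n", err, size);
    return 0;
}
```

A privileged program that gets EEXIST here should treat it as an error and pick a new name rather than retrying without O_EXCL.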