Bugtraq mailing list archives
Re: Linux & BSD's lpr exploit
From: dholland () EECS HARVARD EDU (David Holland)
Date: Fri, 25 Oct 1996 14:18:10 -0400
there is a bug in berkeley-derived lpr, which allows attacker to get root access (see freebsd-security for details). Here is exploit for Linux (tested on 2.0.20), for BSD (tested on FreeBSD 2.1) and a patch.
lpr has been officially deprecated in Linux in favor of plp/LPRng
since July. The primary motivating factor in this decision was the
large number of security problems with lpr.
--
- David A. Holland | VINO project home page:
dholland () eecs harvard edu | http://www.eecs.harvard.edu/vino
Current thread:
- Re: BoS: Urgent !! Serious Linux Security Bug...., (continued)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Oliver Xymoron (Oct 21)
- Ping problem patch page Mike Bremford (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Henrik P Johnson (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Timothy Brown (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Tazman (Oct 22)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Tom Guptill (Oct 22)
- Re: BoS: Urgent !! Serious Linux Security Bug.... David O'Brien (Oct 25)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Alan Cox (Oct 25)
- Re[2]: BoS: Urgent !! Serious Linux Security Bug.... Mike Bremford (Oct 25)
- Linux & BSD's lpr exploit Vadim Kolontsov (Oct 25)
- Re: Linux & BSD's lpr exploit David Holland (Oct 25)
- Re: Linux & BSD's lpr exploit UDNet Security (Oct 25)
- Re: Linux & BSD's lpr exploit Capitan (Oct 30)
- Re: BoS: Urgent !! Serious Linux Security Bug.... David O'Brien (Oct 25)