Bugtraq mailing list archives
Re: Possible weakness in LPD protocol
From: oliver () SILENCE SECNET COM (Oliver Friedrichs)
Date: Fri, 3 Oct 1997 11:55:06 -0600
On October 02 1997, Bennett Samowich wrote:
5.) Overflow at least one buffer from the network; this is just
above the "print any file" part of recvjob.c:
cp = line;
do {
if ((size = read(1, cp, 1)) != 1) {
if (size < 0)
frecverr("%s: Lost connection",printer);
return(nfiles);
}
} while (*cp++ != '\n');
In this case "line" is a global variable in common_source/common.c so it wouldn't be vulnerable to the standard stack overflow, however there are some other interesting variables near it that look like they could be manipulated to create undesired effects. - Oliver - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Secure Networks Incorporated. Calgary, Alberta, Canada, (403) 262-9211
Current thread:
- Malicious Linux modules, (continued)
- Malicious Linux modules Runar Jensen (Oct 08)
- Re: L0pht Advisory: IMAP4rev1 imapd server Casper Dik (Oct 09)
- Security flaw in PGPverify of INN Lutz Donnerhacke (Oct 09)
- Re: L0pht Advisory: IMAP4rev1 imapd server Kragen Sitaker (Oct 09)
- Security flaw in Count.cgi (wwwcount) Razvan Dragomirescu (Oct 10)
- Huge security holes in Microsoft FP98 server extensions for Apache Marc Slemko (Oct 11)
- Re: Huge security holes in Microsoft FP98 server extensions for Aleph One (Oct 11)
- DOS PC FTP SERVER Efrain Torres Mejia (Oct 11)
- _very_ poor ISN generation on Ascend MAX (fwd) Marc Slemko (Oct 11)
- Another way to exploit local classes in Java Andre L. Dos Santos (Oct 08)
- Re: Possible weakness in LPD protocol Oliver Friedrichs (Oct 03)
- Re: Possible weakness in LPD protocol Eivind Eklund (Oct 03)
- Re: Possible weakness in LPD protocol Doug Hughes (Oct 05)