Bugtraq mailing list archives
Re: Linux /usr/bin/lpc overflow
From: slk () NTRNET NET (Simon Karpen)
Date: Thu, 4 Feb 1999 16:29:42 -0500
On Wed, 3 Feb 1999, Denis Bucher wrote:
xnec () INFERNO TUSCULUM EDU a écrit :
There is a local root comprimise hole in PLP Line Printer Control program, version 4.0.3, which is SuSE 5.2's /usr/bin/lpc. Most other unices use a different version of lpc (including SuSE 5.1).Under an installation of SuSE 5.1, I found lpc 4.0.3 ! Therefore I think 5.1 is not safe !
SuSE 5.3 and 6.0 appear not to suffer from this problem.
Under 5.3:
scan:/home/skarpen # rpm -qf /usr/sbin/lpc
lprold-3.0.1-14
scan:/home/skarpen # /usr/sbin/lpc
lpc>
Under 6.0:
root@grendel:~ > rpm -qf /usr/sbin/lpc
lprold-3.0.1-37
root@grendel:~ > /usr/sbin/lpc
lpc>
Also, note that SuSE can install one of: PLP, 'classic' LPD, or LPRng.
AFAIK the default os the 'classic' Berkeley LPD. (recent security-fixed
version though)
--Simon
--
Simon Karpen slk () ntrnet net
#include <std_disclaimer.h> My opinions are my own.
Failure is not an option. It comes bundled with your Microsoft product.
-- Ferenc Mantfeld
Current thread:
- Linux /usr/bin/lpc overflow xnec () INFERNO TUSCULUM EDU (Feb 02)
- <Possible follow-ups>
- Re: Linux /usr/bin/lpc overflow Denis Bucher (Feb 03)
- Cyrix bug: freeze in hell, badboy Ragnar Hojland Espinosa (Feb 04)
- Re: Cyrix bug: freeze in hell, badboy Aaron Lehmann (Feb 05)
- Re: Linux /usr/bin/lpc overflow Simon Karpen (Feb 04)
- Cyrix bug: freeze in hell, badboy Ragnar Hojland Espinosa (Feb 04)
- Re: Linux /usr/bin/lpc overflow -*- Chotaire -*- (Feb 04)