Bugtraq mailing list archives
Conectiva Linux Security Announcement - lpr
From: secure () CONECTIVA COM BR
Date: Thu, 5 Oct 2000 18:02:05 -0300
----------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ----------------------------------------------------------------------- PACKAGE : lpr SUMMARY : Possible local root exploit DATE : 2000-10-05 18:01:00 RELEVANT RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1 ---------------------------------------------------------------------- DESCRIPTION There is a format bug in lpd in a syslog() call that could be used to obtain root access. The exploit would have to successfully inject format strings in a hostname to cause damage. SOLUTION All users should upgrade to the updated packages. We would like to thank Chris Evans for spotting this problem elsewhere and bringing it up to the attention of the linux vendors. DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/4.0/i386/lpr-0.50-6cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/lpr-0.50-6cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.0es/i386/lpr-0.50-6cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/lpr-0.50-6cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.1/i386/lpr-0.50-6cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/lpr-0.50-6cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/lpr-0.50-6cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/lpr-0.50-6cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/lpr-0.50-6cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/lpr-0.50-6cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/lpr-0.50-6cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/lpr-0.50-6cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/lpr-0.50-6cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/lpr-0.50-6cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/lpr-0.50-6cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/lpr-0.50-6cl.src.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key can be obtained at http://www.conectiva.com.br/contato ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe () bazar conectiva com br unsubscribe: atualizacoes-anuncio-unsubscribe () bazar conectiva com br
Current thread:
- Conectiva Linux Security Announcement - lpr secure (Oct 05)