Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

security issue with lpd (fwd)

From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Tue, 4 Dec 2001 00:26:55 -0500 (EST)
of interest to folks here.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

---------- Forwarded message ----------
Date: Mon, 03 Dec 2001 20:52:40 -0700
From: Todd C. Miller <Todd.Miller () courtesan com>
To: security-announce () openbsd org
Subject: security issue with lpd

A security issue exists with lpd (the line printer daemon) that may
allow an attacker to create arbitrary new files in the root directory.
Only machines with line printer access (ie: listed in either
/etc/hosts.lpd or /etc/hosts.equiv) may be used to mount an attack
and the attacker must have root access on the machine.
OpenBSD does not start lpd in the default installation.

This problem is fixed in OpenBSD-current, the 3.0 patch branch (aka
3.0-stable) and the 2.9 branch (aka 2.9-stable).

A patch exists to fix the problem:

For OpenBSD-2.9 (as well as OpenBSD-2.8):
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/017_lpd.patch

For OpenBSD-3.0
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/008_lpd.patch

Credit for finding this bug (and the corresponding patch) goes
to Sebastian Krahmer of SuSE.

 - todd
Previous By Date Next
Previous By Thread Next

Current thread: