Security Incidents mailing list archives
Re: LPRng remote root exploit seen in the wild
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Mon, 27 Nov 2000 11:13:49 +1300
On Wed, 22 Nov 2000 16:51:30 -0500 Matt Power <mhpower () BOS BINDVIEW COM> wrote:
> On November 19, a Red Hat 7.0 i386 Linux system was found to be root compromised, with the lpd from the LPRng-3.6.22-5 package as the apparent point of entry. Specifically, it is thought that the intruder had possession of a remote-root exploit program for the LPRng vulnerability described at http://www.redhat.com/support/errata/RHSA-2000-065-06.html
Just to add to this heads-up. We saw three major scans for port 515 over the weekend (and one about 10 days ago). All scans probed many thousands of addresses in our /16 address space (one probed every one).

Cheers, Russell

Russell Fulton, Computer and Network Security Officer.
The University of Auckland, New Zealand.