Vulnerability Development mailing list archives
Re: lpd exploit?
From: Jarno Huuskonen <jhuuskon () MESSI UKU FI>
Date: Fri, 1 Dec 2000 21:54:05 +0200
On Thu, Nov 30, Mark wrote:
This is paranoia. By default, redhat 7 runs lpd as user 'lp', and I have never seen any exploits for this daemon. mark tort () dethbystereo com
Well, Chris Evans reported an LPRng format string vulnerability on bugtraq (see http://www.securityfocus.com/archive/1/85002 ). From the report you can see that LPRng doesn't fully drop root privileges, so maybe the exploit is more than paranoia. -Jarno PS. I think that Chris Wing has made a patch for LPRng so it'll fully drop root privileges (uses kernel capabilities). See http://www.engin.umich.edu/caen/systems/Linux/caenlinux/6.1/changes.html -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen () uku fi University of Kuopio - Computer Centre | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169
Current thread:
- lpd exploit? root (Dec 01)
- Re: lpd exploit? Olaf Kirch (Dec 02)
- Re: lpd exploit? Crist Clark (Dec 04)
- Re: lpd exploit? Mark (Dec 02)
- Re: lpd exploit? Jarno Huuskonen (Dec 04)
- Re: lpd exploit? Larry W. Cashdollar (Dec 04)
- Re: lpd exploit? Ron DuFresne (Dec 04)
- Re: lpd exploit? Ryan Yagatich (Dec 04)
- <Possible follow-ups>
- Re: lpd exploit? John (Dec 07)
- Re: lpd exploit? John (Dec 07)
- Re: lpd exploit? Ron DuFresne (Dec 08)
- Re: lpd exploit? Graeme Fowler (Dec 09)
- Re: lpd exploit? Theodor Ragnar Gislason (Dec 09)
- Re: lpd exploit? Graeme Fowler (Dec 09)
- Re: lpd exploit? Theodor Ragnar Gislason (Dec 09)
- Re: lpd exploit? Ron DuFresne (Dec 08)
- Re: lpd exploit? Olaf Kirch (Dec 02)