Vulnerability Development mailing list archives

Re: lpd exploit?

From: "Larry W. Cashdollar" <lwc () VAPID DHS ORG>
Date: Fri, 1 Dec 2000 11:07:42 -0800

Paranoia is good when it comes to computer security.  And just because you
have never seen it does not mean it does not exist.

The lpd daemon is notorious for being insecure.    A search on
securityfocus.com will show you a few older exploits for it.

I thought redhat 7.0 was using CUPS?

On Thu, 30 Nov 2000, Mark wrote:

This is paranoia.  By default, redhat 7 runs lpd as user 'lp', and I have
never seen any exploits for this daemon.

mark
tort () dethbystereo com


On Thu, 30 Nov 2000 root () MICROSOFT COM wrote:

Not sure if this is true or not, but I thought I'd give a heads-up...

Current thread:

lpd exploit? root (Dec 01)
- Re: lpd exploit? Olaf Kirch (Dec 02)
  - Re: lpd exploit? Crist Clark (Dec 04)
- Re: lpd exploit? Mark (Dec 02)
  - Re: lpd exploit? Jarno Huuskonen (Dec 04)
  - Re: lpd exploit? Larry W. Cashdollar (Dec 04)
    - Re: lpd exploit? Ron DuFresne (Dec 04)
- Re: lpd exploit? Ryan Yagatich (Dec 04)
- <Possible follow-ups>
- Re: lpd exploit? John (Dec 07)
- Re: lpd exploit? John (Dec 07)
  - Re: lpd exploit? Ron DuFresne (Dec 08)
    - Re: lpd exploit? Graeme Fowler (Dec 09)
    - Re: lpd exploit? Theodor Ragnar Gislason (Dec 09)
    - Re: lpd exploit? Graeme Fowler (Dec 09)
    - Re: lpd exploit? Theodor Ragnar Gislason (Dec 09)
    - Re: lpd exploit? WebFusion System Administrator (Dec 09)

(Thread continues...)