Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: lpd exploit?

From: Ron DuFresne <dufresne () WINTERNET COM>
Date: Sun, 3 Dec 2000 16:41:13 -0600
If I recall, a few weeks back redhat and perhaps madrake and debian
released updates for cups as it was insecure.

Thanks,

Ron DuFresne

On Fri, 1 Dec 2000, Larry W. Cashdollar wrote:


Paranoia is good when it comes to computer security.  And just because you
have never seen it does not mean it does not exist.

The lpd daemon is notorious for being insecure.    A search on
securityfocus.com will show you a few older exploits for it.

I thought redhat 7.0 was using CUPS?

On Thu, 30 Nov 2000, Mark wrote:


This is paranoia.  By default, redhat 7 runs lpd as user 'lp', and I have
never seen any exploits for this daemon.

mark
tort () dethbystereo com


On Thu, 30 Nov 2000 root () MICROSOFT COM wrote:


Not sure if this is true or not, but I thought I'd give a heads-up...






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
Previous By Date Next
Previous By Thread Next

Current thread: