Bugtraq mailing list archives

Re: Solaris lpNet & temp files (exploit)

From: casper () HOLLAND SUN COM (Casper Dik)
Date: Wed, 7 May 1997 11:59:57 +0200

Q&D workaround:
 add "umask 022" to /etc/init.d/lp; restart /etc/init.d/lp
 su - root; touch /usr/spool/lp/.rhosts
 su - root; chown root /usr/spool/lp; chmod 755 /usr/spool/lp



The argumetns to the specific lp* filters are defined in
/etc/lp/fd/*.fd.

In this case we have:

/etc/lp/fd/postio.fd:Options: PRINTER * = -L/var/tmp/*.log
/etc/lp/fd/postior.fd:Options: PRINTER * = -L/var/tmp/*.log

The "*" is replaced by the printername; the "right way to modify
this file is with "lpfilter":

The following should fix the bug (but I haven't tested it yet)

echo 'Options: PRINTER * = -L/var/lp/*.log' | lpfilter -f postio -
echo 'Options: PRINTER * = -L/var/lp/*.log' | lpfilter -f postior -


Casper

Current thread:

Re: Buffer Overflows: A Summary Bill Trost (May 01)
- Re: Buffer Overflows: A Summary Tommy Marcus McGuire (May 02)
  - Re: Buffer Overflows: A Summary Gene Spafford (May 02)
  - Windows NT 4.0 SAM hotfix Aleph One (May 02)
  - Re: Buffer Overflows: A Summary Lamont Granquist (May 03)
  - Solaris lpNet & temp files (exploit) Chris Sheldon (May 03)
    - Re: Solaris lpNet & temp files (exploit) Casper Dik (May 07)
  - A bug in Elm fflush (May 04)
    - Re: A bug in Elm Larry Schwimmer (May 04)
    - Hole in the KDE desktop Alan Cox (May 05)
    - A vulnerability in Lynx (all versions) fflush (May 05)
    - Re: A vulnerability in Lynx (all versions) Theo de Raadt (May 05)
    - SGI Security Advisory 19970101-02-PX - csetup Program SGI Security Coordinator (May 05)
- Re: Buffer Overflows: A Summary Thomas H. Ptacek (May 02)
  - Comments on NT user list exploit webroot (May 05)
  - Re: Buffer Overflows: A Summary Adam Shostack (May 05)
    - Re: Buffer Overflows: A Summary Eilon Gishri (May 06)

(Thread continues...)