Bugtraq mailing list archives

Re: Possible weakness in LPD protocol

From: chris () NETMONGER NET (Christopher Masto)
Date: Fri, 3 Oct 1997 16:14:20 -0400


On Fri, Oct 03, 1997 at 02:43:16AM +0200, Thomas Roessler wrote:

On October 02 1997, Bennett Samowich wrote:

1.) Obtaining hard (or possibly soft) copies of any file on the system.
2.) Deleting any file on the system.
3.) Creating a file on the system.
4.) Mail bombing.


5.) Overflow at least one buffer from the network; this is just
above the "print any file" part of recvjob.c:


So far, I haven't seen any mention of LPRng.  It was supposedly
designed with more security in mind, though I suspect the meaning of
"security" was more "students can't print stuff for free" rather than
a seach for buffer overruns and such.  Anyone know how it compares?
--
= Christopher Masto        = chris () netmonger net = http://www.netmonger.net/  =
= NetMonger Communications = finger for  PGP key = $19.95/mo unlimited access =
= Director of Operations   =   (516)  221-6664   = mailto:info () netmonger net  =

v---(cut here)---v
    --
    yourname () some dumb host com
    "Keep in mind that anything Kibo says makes a great sig."  -- Kibo
^---(cut here)---^

Current thread:

Security Bulletin for telnet services in HP-UX rel. 10.30 Aleph One (Oct 01)
- underestimating crackers Tim Newsham (Oct 01)
  - Re: underestimating crackers John Bashinski (Oct 02)
- [RISKS DIGEST 19.40] Possible breakthrough in NP-completeness Brian Tao (Oct 01)
- Possible weakness in LPD protocol Bennett Samowich (Oct 02)
  - Re: Possible weakness in LPD protocol Thomas Roessler (Oct 02)
    - Re: Possible weakness in LPD protocol Christopher Masto (Oct 03)
    - xc Aleph One (Oct 03)
- NT Domain Authentication Protocol - draft Aleph One (Oct 02)